I have an ssl certificate installed on my server, and the Secure Pages module installed. On loading my site from https it does encrypt briefly - the address bar turns green as it should per the cert - but then it unencrypts. If I get info on the site it shows the cert information, nut says your connection is not encrypted. It is important that the connection remains encrypted.

How can I do this?

Comments

pobster’s picture

Sounds like you've just configured secure_pages badly. Without wishing really to get too involved (as ssl can be really in-depth and problematic)... It sounds like your matching is set a bit too literally, why not for a start try unchecking the 'revert back to http' checkbox (which undoubtedly you've got checked).

Pobster

egsj’s picture

I actually don't have the fall back to http checked. I also have secure every page except listed selected with none listed. And it is, of course, enabled.

I also tried setting my base url in my settings file, it did the same thing.

It encrypts momentarily but then for some reason does not stay encrypted.

egsj’s picture

Even on only secure some pages and listing obvious pages (user, etc) it still only encrypts while loading then unencrypts.

pobster’s picture

Does the site work if you turn off secure pages and navigate to https://www.yoursite.com? If so, then post your secure pages settings here it's the only I'll be able to tell if you've put it in a loop.

Pobster

egsj’s picture

It does work without secure pages browsing to https, however it does the same thing.

Secure pages settings: http://www.sprocket-design.com/securepages.JPG

pobster’s picture

Okay, phew - this is going to be easy after all. You need to disable your rich text editor (is that fckeditor?) as your entries are being converted to pure html (newlines are literally <p> tags). There's a section (assuming that is fckeditor) which is like an ignore fields/ pages setting for your admin profile, just make sure you put admin* (or maybe admin/*) into it - using a rich text editor on settings pages is just asking for trouble...

Pobster

egsj’s picture

Thanks for your help. I disabled fck on all admin pages, then updated the settings to make secure listed pages, listing * (no rich editor present.)

Its still performing the same behavior, though. It loads, encrypts, the url goes green to verify secure, then it goes back to normal and the connection unencrypts.

pobster’s picture

Okay here's some more thoughts;

  • Make sure you don't have any blank lines in your configs (they'll count as matches)
  • Instead of using a wildcard with 'Make secure only the listed pages', try using 'Make secure every page except the listed pages' with no matches at all
  • Now you don't have fckeditor messing up your settings, use the 'reset to defaults' button to get back the correct settings (especially for the 'ignore' section right at the bottom)

Pobster

egsj’s picture

Thanks a lot, much appreciated. By doing everything you said it is now working with some caveats.

In IE8, Chrome, and Safari it works perfectly. Green bar or lock, stays encrypted, wonderful.

On FF, not so much, but it does at least encrypt when sending data, it just unencrypts for some reason after the page has loaded. Weird.

pobster’s picture

Sounds more like it's a problem with your browser (with the problems you had before, maybe something is cached?) how about trying it from a different computer using FF, obviously one which hasn't connected to the site before.

Pobster

Madbreaks’s picture

I had this problem today as well, finally got it figured out. The issue was, when Firefox failed to find my site's favicon.ico, it was attempting to pull down a '403.shtml' error page to display, and it was doing so via http and not https. This resulted in a 'mixed content' page - some ssl, some not...and in that case Firefox won't keep your connection encrypted. This is easy to figure out, the little padlock in the lower-right corner of your browser will have a slash through it if the connection is not secure...click on it and see what it says.

So yeah, check your server logs to see if your encrypted page is requesting something that your server can't locate. And FYI, I used Chrome's debugging utility to track down what was getting requested via http (403.shtml), but if you've got Firebug installed that should work as well.

Good luck

luf’s picture

Madbreaks post is correct, if your site is missing an image file somewhere it will seek it in http and return an http page ONLY in FireFox, all other browsers work fine.

drinknbud’s picture

I just had a similar problem to the one you were describing and I finally figured out that the images I had linked to in my header and footer were http: and not https:... Added in the "s" to all of the links and it looks like all of the browsers are happy with SSL cert now. Hope that helps!