Hello,

I have ubercart installed and SSL activated for the cart, checkout pages.

When I want to click on "Checkout" or "Submit order" in Firefox, a warning message pops up.

"Although the page is encrypted the info you have entered is to be sent over an unencrypted connection and could easily be read by a third party?"

Now, my webshop cannot go online with such a warning message to the user (hence I indicated 'critical'). I read that the issue is that the checkout and order detail forms don't have conn=ssl included in the html. Could that be? Or what else is causing this behaviour?

The page after checkout or confirm payment are also ssl encrypted.

Can anybody help me with this?

Thanks a lot.

Cheers,

Comments

wxman’s picture

wxman commented

I'm getting the same thing in a bookstore I have for one of our customers. In my case, the item is just a thumbnail copy of the book cover. I tried unchecking the "Switch back to http pages when there are no matches" but that didn't help. I can't think of a way to make the images like that show as secure. If you need help finding what is causing the warning, what I did was open the page in IE8. It gives the warning with a selection to see only the secured items. What ever comes up missing is the cause. I would still like too see a way around this.

Militopedia’s picture

Militopedia commented

Hello wxman,

Thanks for your message. I think that you may have a different problem than I do. If not all photos are encrypted (with https path or relative path) IE and Firefox may give a warning message that not the whole page is encrypted/secure.

If I go to 'Checkout' or 'Order submit' page, my page is fully encrypted and everything secured. Also the cart thumbnails have https paths. So, this is in my case not the problem. If you are having this issue, I think you need to change the paths in the code from absolute to relative, that should work.

The problem I am having is I think related to how the information in the forms are sended. I have read many discussion threads related to Firefox's "Although the page is encrypted the info you have entered is to be sent over an unencrypted connection and could easily be read by a third party?" warning message, but haven't found any solution yet. I cannot go live with my website until this is resolved as most customers would probably stop shopping when such a warning message pops up.

Any help would be appreciated. I am sure I am not the only one having this problem.

Cheers,
Roger

wxman’s picture

wxman commented

Hi Militopedia. Your problem does sound different than mine. I can't duplicate your here, even with the live site. The site does a ton of sales, and the users are really paranoid. If that warning you get showed up here, they would all flee in terror. I know it's a long shot, but could the fault be in your certificate itself? We're using the lowest SSL from Godaddy. It's the one that only requires the validated URL. Are you on a "live" server, or is it a localhost? I remember having a lot of strange SSL problems when I was testing on a localhost.

The only error I can generate is the stupid one connected with the thumbnails. I'm using relative paths for the book cover images, that's why I can't figure mine out either.

Militopedia’s picture

Militopedia commented

Hi wxman,

I have contacted my server hosting company to ask whether the problem may be related to the SSL certificate. The information about the certificate says high-grade encryption 256 bit, so maybe that's the problem?

I am already on a live server and not on a localhost as the website is almost complete except for this and some other smaller issues.

Maybe you have some small icons at the bottom of the page that use absolute paths or smileys in the text or somthing you would not think of immedeately? I had such icons at the bottom of the page (e.g. to share on facebook) and had the same problem first.

Cheers,
Roger

Militopedia’s picture

Militopedia commented

Hi wxman,

I found the solution. Actually, it's quite a stuipid one... while I added e.g. cart/* to the SecurePages list of pages to be encrypted, I forgot to add the translated pages, e.g. de/cart/*. After I did this, no warning message popped up anymore :-)

Cheers,
Roger

sreynen’s picture

sreynen commented
Status: Active » Fixed

I found the solution.

Sounds like the original problem is solved.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

DrunkMunki’s picture

DrunkMunki commented

although the issue is fixed, for future users you should check out http://www.whynopadlock.com/ it scans your site and lets you know why your generating that message.