Jump to content
generalexperts

[SOLVED] New SSL certificate, yellow to green padlock, how to fix insecure URL's

Recommended Posts

On whynopadlock I have some URL's that say they are insecure. I have looked in the forums and tried just about everything. Nothing has worked. I'm using PS 1.5.4.1. with the Warehouse theme.

 

 Thanks!

Edited by generalexperts (see edit history)

Share this post


Link to post
Share on other sites

I was able to fix the unsecure URL's on my site. whynopadlock says everything is good. Now when I enter a secure area on my site it quickly goes from green to yellow padlock. Anyone know how to fix, or diagnose this problem?

 

Thank you!

Edited by generalexperts (see edit history)

Share this post


Link to post
Share on other sites

i dont really understand the question though but.

 

 

Domain Name:
URL Tested:
Number of items downloaded on page: 97

check.PNGValid Certificate found. check.PNGCertificate valid through: Aug 21 23:59:59 2015 GMT
Certificate Issuer: COMODO CA Limited check.PNGAll 97 items called securely! check.PNGSecure calls made to other websites:


apis.google.com is valid and secure.

 is valid and secure.

Edited by Zeepshop (see edit history)
  • Like 1

Share this post


Link to post
Share on other sites

Hi!

 

All locks good if you check this out: ********

 

Then type in you're site.

 

If you paid for the green bar? It is not cheap, it costs From € 359.00 per year. Then it should be GREEN.

 

If you have a regular certificate, you will get a green bar if you use Google Crome. But not with other browsers.

 

By the way, not to have a green bar does not mean you are unsecured. HTTP (S) means that it is secure.

 

Consumers have been taught that they must look for the green bar to be sure that the site is secured. I think that, given that in a big way only company that can afford these ridiculously expensive certificates. Sure, you get a much higher security, and moreover, you are insured with a fairly high amount if you get hacked, sure that's really good! But they should lower the prices considerably so that we all shop owners would be able to drive safer and that clients might feel safer too. But that's my thoughts. What do you think?

 

Regards

 

MacRoy

Edited by MacRoy (see edit history)

Share this post


Link to post
Share on other sites

Everything looks good except for when using Chrome. It goes quickly from Green to yellow. I did not pay that high of a price for my SSL per year. Although, I think there is something else in my site that isn't being detected, because why would it show green at all. I'm also using Front Office Zoom module which loads content at the top first or uneeded, so maybe it gets to the bottom of my site or something not needed to load right away (purpose of this module) and the content is unsecure so it switches? I don't know. 

 

Yes i am aware yellow is fine, just trying to keep customers from leaving. Such an annoying problem!

 

Thanks!

Share this post


Link to post
Share on other sites

Your connection to www.******.com is not encrypted. This is what Google says, if you click on your certficate and reads on the Connection tab. 

 
You should check in your .htaccess file, the problem may come from.
 
 
Regards
 
MacRoy
Edited by MacRoy (see edit history)
  • Like 1

Share this post


Link to post
Share on other sites

I'm reading that it is encrypted under the connection tab. But there are other resources which are maybe not secure. 

 

 

Not sure what I would do in my .htaccess file. But here it is....



# ~~start~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
# .htaccess automaticaly generated by PrestaShop e-commerce open-source solution
# http://www.prestashop.com - http://www.prestashop.com/forums

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^api/?(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]

# Images
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
# AlphaImageLoader for IE and fancybox
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]

# Dispatcher
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^.*$ - [NC,L]
RewriteCond %{HTTP_HOST} ^www.mysite.com$
RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^api/?(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]

# Images
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
# AlphaImageLoader for IE and fancybox
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]

# Dispatcher
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^.*$ - [NC,L]
RewriteCond %{HTTP_HOST} ^mysite.com$
RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
</IfModule>

<IfModule mod_expires.c>
	ExpiresActive On
	ExpiresByType image/gif "access plus 1 month"
	ExpiresByType image/jpeg "access plus 1 month"
	ExpiresByType image/png "access plus 1 month"
	ExpiresByType text/css "access plus 1 week"
	ExpiresByType text/javascript "access plus 1 week"
	ExpiresByType application/javascript "access plus 1 week"
	ExpiresByType application/x-javascript "access plus 1 week"
	ExpiresByType image/x-icon "access plus 1 year"
</IfModule>

FileETag INode MTime Size
<IfModule mod_deflate.c>
	<IfModule mod_filter.c>
		AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/x-javascript
	</IfModule>
</IfModule>

#If rewrite mod isn't enabled
ErrorDocument 404 /index.php?controller=404

# ~~end~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again


# block visitors referred from semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} semalt.com [NC]
RewriteRule .* - [F]

AuthName "My Domain"
AuthUserFile "/home1/site/.htpasswds/public_html/mysite/passwd"
# Start CloudFlare:mydomain.com rewrite. Do not Edit 
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^mysite.com 
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] 
# End CloudFlare rewrite.

<FilesMatch "\.(ttf|otf|eot|woff)$">
  <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
  </IfModule>
</FilesMatch>

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?askapache\.com/.*$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ /feed/ [R=302,L]

# ----------------------------------------------------------------------
# CORS-enabled images (@crossorigin)
# ----------------------------------------------------------------------
# Send CORS headers if browsers request them; enabled by default for images.
# developer.mozilla.org/en/CORS_Enabled_Image
# blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
# hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
# wiki.mozilla.org/Security/Reviews/crossoriginAttribute
<IfModule mod_setenvif.c>
  <IfModule mod_headers.c>
	# mod_headers, y u no match by Content-Type?!
	<FilesMatch ".(gif|png|jpe?g|svg|svgz|ico|webp)$">
	  SetEnvIf Origin ":" IS_CORS
	  Header set Access-Control-Allow-Origin "*" env=IS_CORS
	</FilesMatch>
  </IfModule>
</IfModule>
# ----------------------------------------------------------------------
# force the "www." at the beginning of URLs or vise versa as long as your using one or the other only and not both!
# ----------------------------------------------------------------------
RewriteCond %{HTTP_HOST} ^mysite.com
RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L]


# ----------------------------------------------------------------------
# Cross-domain AJAX requests
# ----------------------------------------------------------------------
# Serve cross-domain Ajax requests, disabled by default.
# enable-cors.org
# code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
#  <IfModule mod_headers.c>
#	Header set Access-Control-Allow-Origin "*"
#  </IfModule> 
Edited by generalexperts (see edit history)

Share this post


Link to post
Share on other sites

Have you tried on line 122: RewriteRule ^ (. *) $ Http: //www.% {HTTP_HOST} / $ 1 [R = 301, L] Adding HTTPS? It is just http.

What is write and read access to the file

 

I have corrected what you requested in your memo.

 

 

Regards

 

MacRoy

Share this post


Link to post
Share on other sites

I contacted the site I got my SSL certificate. They said it was good. They said that it could be the js that is loading that refers to some http links. Does anyone know which ones those might be?

Share this post


Link to post
Share on other sites

The issue is your search form.  Chrome is reporting this issue

The page at was loaded over HTTPS, but is submitting data to an insecure location at this content should also be submitted over HTTPS.

The page is submitting data to an insecure location, means that when a customer attempts to perform a search, that data will go to the server using http (not secure).

<form method="get" action="http://www.domain.com/en/search" id="searchbox">

You need to edit the blocksearch template and change it to use ssl

Edited by bellini13 (see edit history)
  • Like 1

Share this post


Link to post
Share on other sites

I changed the 'blocksearch-top.tpl file. I had two lines of below:

<form method="get" action="{$link->getPageLink('search', true)}" id="searchbox">

I changed it to 

<form method="get" action="{$link->getPageLink('/search',true)}" id="searchbox">

This worked right away! I found the correct solution to editing this in the general discussion forum

'Quick Search Block module provokes unsecure SSL'

 

Thanks!

Edited by generalexperts (see edit history)

Share this post


Link to post
Share on other sites

I fixed the error on computer by adding the "true" in blocksearch-top.tpl .

But don't know how to fix the mobile side.

Although, I did same thing in blocksearch-top.tpl under mobile theme.

Using: prestashop 1.4.11

           mobile theme module by prestashop

Please help

 

Thanks

Share this post


Link to post
Share on other sites

I changed the 'blocksearch-top.tpl file. I had two lines of below:

<form method="get" action="{$link->getPageLink('search', true)}" id="searchbox">

I changed it to 

<form method="get" action="{$link->getPageLink('/search',true)}" id="searchbox">

This worked right away! I found the correct solution to editing this in the general discussion forum

'Quick Search Block module provokes unsecure SSL'

 

Thanks!

 

Does it mean you did add only forward slash symbol? I did it, but nothing did change. I'm using 1.4.6.2.

My original line was:

<form method="get" action="{$link->getPageLink('search.php')}" id="searchbox">

I updated it to:

<form method="get" action="{$link->getPageLink('/search.php', true)}" id="searchbox">

Nothing did change.

 

Anything else should require my attention here:

{*
* 2007-2011 PrestaShop 
*
* NOTICE OF LICENSE
*
* This source file is subject to the Academic Free License (AFL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/afl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
*
*  @author PrestaShop SA <contact@prestashop.com>
*  @copyright  2007-2011 PrestaShop SA
*  @version  Release: $Revision: 6989 $
*  @license    http://opensource.org/licenses/afl-3.0.php  Academic Free License (AFL 3.0)
*  International Registered Trademark & Property of PrestaShop SA
*}

<!-- Block search module TOP -->
<div id="search_block_top">

	<form method="get" action="{$link->getPageLink('search.php')}" id="searchbox">
		<p>
			<label for="search_query_top"><!-- image on background --></label>
			<input type="hidden" name="orderby" value="position" />
			<input type="hidden" name="orderway" value="desc" />
			<input class="search_query" type="text" id="search_query_top" name="search_query" value="{if isset($smarty.get.search_query)}{$smarty.get.search_query|htmlentities:$ENT_QUOTES:'utf-8'|stripslashes}{/if}" />
			<input type="submit" name="submit_search" value="{l s='Search' mod='blocksearch'}" class="button" />
	</p>
	</form>
</div>
{if $instantsearch}
	<script type="text/javascript">
	// <![CDATA[
		{literal}
		function tryToCloseInstantSearch() {
			if ($('#old_center_column').length > 0)
			{
				$('#center_column').remove();
				$('#old_center_column').attr('id', 'center_column');
				$('#center_column').show();
				return false;
			}
		}
		
		instantSearchQueries = new Array();
		function stopInstantSearchQueries(){
			for(i=0;i<instantSearchQueries.length;i++) {
				instantSearchQueries[i].abort();
			}
			instantSearchQueries = new Array();
		}
		
		$("#search_query_top").keyup(function(){
			if($(this).val().length > 0){
				stopInstantSearchQueries();
				instantSearchQuery = $.ajax({
				url: '{/literal}{if $search_ssl == 1}{$link->getPageLink('search.php', true)}{else}{$link->getPageLink('search.php')}{/if}{literal}',
				data: 'instantSearch=1&id_lang={/literal}{$cookie->id_lang}{literal}&q='+$(this).val(),
				dataType: 'html',
				success: function(data){
					if($("#search_query_top").val().length > 0)
					{
						tryToCloseInstantSearch();
						$('#center_column').attr('id', 'old_center_column');
						$('#old_center_column').after('<div id="center_column">'+data+'</div>');
						$('#old_center_column').hide();
						$("#instant_search_results a.close").click(function() {
							$("#search_query_top").val('');
							return tryToCloseInstantSearch();
						});
						return false;
					}
					else
						tryToCloseInstantSearch();
					}
				});
				instantSearchQueries.push(instantSearchQuery);
			}
			else
				tryToCloseInstantSearch();
		});
	// ]]>
	{/literal}
	</script>
{/if}

{if $ajaxsearch}
	<script type="text/javascript">
	// <![CDATA[
	{literal}
		$('document').ready( function() {
			$("#search_query_top")
				.autocomplete(
					'{/literal}{if $search_ssl == 1}{$link->getPageLink('search.php', true)}{else}{$link->getPageLink('search.php')}{/if}{literal}', {
						minChars: 3,
						max: 10,
						width: 500,
						selectFirst: false,
						scroll: false,
						dataType: "json",
						formatItem: function(data, i, max, value, term) {
							return "<img src=\"" + baseDir + "img/tmp/" + "product_mini_" + data.id_product + ".jpg\"  alt=\"" + value + "\" />" + value;
						},
						parse: function(data) {
							var mytab = new Array();
							for (var i = 0; i < data.length; i++)
								mytab[mytab.length] = { data: data[i], value: data[i].cname + ' > ' + data[i].pname };
							return mytab;
						},
						extraParams: {
							ajaxSearch: 1,
							id_lang: {/literal}{$cookie->id_lang}{literal}
						}
					}
				)
				.result(function(event, data, formatted) {
					$('#search_query_top').val(data.pname);
					document.location.href = data.product_link;
				})
		});
	{/literal}
	// ]]>
	</script>
{/if}
<!-- /Block search module TOP -->
Edited by HETPE3B (see edit history)

Share this post


Link to post
Share on other sites
On 8/26/2016 at 6:29 PM, zconsulting said:

Hello, 

Can you tell me how you resolved your issue of insecure links from nopadlock results

  1. Log into your PrestaShop admin panel.

  2. Navigate to Preferences -> SEO and URLs.

  3. Set Friendly URL option to No and click Save button:

    prestashop_1_6_how_to_regenerate_htaccess2

  4. Enable Friendly URL back and save the changes.

  5. .htaccess should be successfully regenerated in your store.

Edited by Athinodoros (see edit history)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More