|
|
Posted by Harlan Messinger on 02/27/07 13:21
ilan wrote:
> Hi All,
>
> I have just opened an ecommerce website, and have purchased an SSL
> certificate, so all traffic on the site should be secure. The website
> address is: www.ilandesign.com.au.
>
> I don't get any warning messages, error messages, or prompts that the
> website may not be trusted, but sometimes when I open the page, the
> padlock doesn't display. It might only be for a short time whilst I
> navigate across a few pages, and then seemingly randomly, the lock
> will appear.
If I go to http://www.ilandesign.com.au, I don't expect a lock because I
didn't *ask* for secure communication by using https. And if I click a
link with a URL that has http instead of https, such as any of the links
on your home page (which have http because the HREFs are relative, and
you have a BASE tag with a URL that has http instead of https), I don't
expect the next page to be secure either because, again, a secure page
wasn't requested.
For secure communications, pages have to be requested with https. If you
want to accept incoming traffic that uses http (and you should) then you
need to redirect to the user to the corresponding https address to have
the security kick in.
You also have to configure the site to *accept* requests for secure
communications, ordinarily via port 443.
Navigation:
[Reply to this message]
|