Hello
need help I have tried to get an ssl certificate and a green padlock on the website
but this is what the server company say

Hello Ian,

We have checked valid SSL has been installed on the site but some coding may be causing not to show the Padlock. Below can cause the issue so can you check this with your developer.

Absolute addresses

Absolute adddressing for images and links include the entire domain name and the protocol, which is typically http://. For example, if you were linking image.jpg and your domain name was example.com, the link would be code as <img src=”http://example.com/image.jpg”>


Relative addresses

Relative addresses differ from absolute in that they include neither the protocol nor the domain name. Using the same image.jpg file as before, the link code to that file in would simply be <img src=”image.jpg”>.

So you will need to go through the code for your site and change all absolute links to relative ones



Kind regards,


George
Storm Internet Ltd | Technical Support Engineer
http://www.storminternet.co.uk

Hi Ian,

Basically any links to your own website and third party websites in any of your pages that are absolute, ie in the form of http://www.mywebsite.co.uk will show as insecure content. Those links need changing to https. Have you a link to the site affected?

Also, in the ECT admin make sure that both URLs in the Store Admin > Main Settings are also both set to https

Steve
Manchester, UK

Using ECT since 2004

quote:

---

Basically any links to your own website and third party websites in any of your pages that are absolute, ie in the form of http://www.mywebsite.co.uk will show as insecure content. Those links need changing to https. Have you a link to the site affected?

---

The above quote isn't quite correct, it's only links to images, js files or css files that will show insecure content, not menu links, and looking at you site all those links seem okay.

The first thing you need to do is remove this line because you're not using search engine friendly urls
<base href="http://www.curiosity-corner.com/">


Then follow Steve's advice and make sure both urls in your main settings are pointing to https://www.

Then force the site to https:// in your web config file

Then check all the pages to see if they're all showing as secure



* Database Migrations and Conversions*
* ASP to PHP Cart Conversions*
*Contact Us*
*Buy The PHP Capture Card Plugin*
*Rate Our Services/View Our Feedback*

Just Got This

You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.

You'll still need to address the issues above



* Database Migrations and Conversions*
* ASP to PHP Cart Conversions*
*Contact Us*
*Buy The PHP Capture Card Plugin*
*Rate Our Services/View Our Feedback*

Just Got This

You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.

the website is www.curiosity-corner.com

has andy left he helped me set the site up when I purchased the template

ian

Hi Ian, You need to remove the base url from all the pages or change it so that it points to https. Looking at the site on https the styles sheets are not rendering due to the base url. Also I would recommend setting up a re-direct in the web.config file so that all customers are pointed to the secure version of the site.

quote:

---

Yes indeed, Andy has decided to opt for the easy life and chose early retirement as of a couple of months ago or so. I think he's somewhere very comfortable right now with his feet up and a banana daiquiri in his hands. [Wink]

Vince

---

Winners never quit, quitters never win
CSS and Responsive Designs
User Manual for Ecommerce Templates

have just removed <base href="http://www.curiosity-corner.com/">

and uploaded the new pages

ian

https://www.whynopadlock.com/results/276fe2bd-06d4-4140-864a-d584f05ea034

if this link works

it says what I have to do

Hi Ian, that looks better and I got the lock, the next thing is to redirect all traffic onto https in the web.config file. your host should be able to do that for you or point you to the correct syntax for their webserver. I started this thread a couple years back but the info is still good, see dbdave post https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=106851

quote:

---

Force HTTPS

---

Also I ran a new test and just 2 issues the one above and this one - try and get your host to disable TLSv1

You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.

Winners never quit, quitters never win
CSS and Responsive Designs
User Manual for Ecommerce Templates

hi
I have altered pages and now test shows https://www.whynopadlock.com/results/a86c73ab-5675-4115-a6bb-57cff37e8afb

I need to Force HTTPS

Your webserver is not forcing the use of SSL.
You may want to add a redirect to ensure a secure connection is used

what and how do I do this

is this something that needs to be done as an update for all users

oh and I cannot find a web config file

what would it be called

Hi it should be web.config and on the webserver, check in the host control panel file manager and then if you don't see it create on using a plain text editor like notepad or notepad++ when saving the file make sure it does not have any extension and is only named web.config

Winners never quit, quitters never win
CSS and Responsive Designs
User Manual for Ecommerce Templates

Forcing the use of HTTPS:// on your site will ensure that visitors to your site are always using https://www.curiosity-corner.com and aren't able to access an insecure http://www.curiosity-corner.com URL. This is recommended since if a visitor does access your site as http://www.curiosity-corner.com everything will be marked as "Not Secure".
Below code is for forcing HTTPs on an Apache webserver. If you are using another webserver such as lighttpd, nginx, etc you will need to contact your web hosting provider for assistance.
Add the following code to the .htaccess file in your webhosting account:
RewriteEngine On
RewriteCond %{HTTP_HOST} curiosity-corner\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.curiosity-corner.com/$1 [R,L]

Once this change is made your site will no longer be accessible on the insecure "http://www.curiosity-corner.com" URLs and all visitors will be redirected to "https://www.curiosity-corner.com" instead.

this code was sent to me to go in the web cofig file

where is that

is it in the docs folders

quote:

---

Below code is for forcing HTTPs on an Apache webserver. If you are using another webserver such as lighttpd, nginx, etc you will need to contact your web hosting provider for assistance.

---

RewriteEngine On
RewriteCond %{HTTP_HOST} curiosity-corner\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.curiosity-corner.com/$1 [R,L]

That code above is for an Apache/Linux Server using an htaccess file and is of no use to you

Your server is windows - HTTP server signature Microsoft-IIS/7.5

So what you need to do first is check for a file in the httpdocs directory name webconfig, if it exists add the following below in red.

If doesn't exist create one using notepad and add all the code below and save it as webconfig - upload it to your httpdocs directory



<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

If you're not comfortable doing this click on my name and send me an email with the FTP details of the site and I'll do it for you.



* Database Migrations and Conversions*
* ASP to PHP Cart Conversions*
*Contact Us*
*Buy The PHP Capture Card Plugin*
*Rate Our Services/View Our Feedback*

hi phil

I may ask for your help later as I cannot see the htp doc
looked in the website looked in vsadmin
looked everywhere
could not find it

It could be httpdocs or www or perhaps named something else.

But whatever the name of the directory is where your vsadmin directory is would be the site root, so if you're seeing your vsadmin directory you should see a file named webconfig if it's present.



* Database Migrations and Conversions*
* ASP to PHP Cart Conversions*
*Contact Us*
*Buy The PHP Capture Card Plugin*
*Rate Our Services/View Our Feedback*

Thanks for sending those details.
Your webconfig file was already present in the httpdocs directory, so I edited it and all pages are now redirected to https://



* Database Migrations and Conversions*
* ASP to PHP Cart Conversions*
*Contact Us*
*Buy The PHP Capture Card Plugin*
*Rate Our Services/View Our Feedback*