SSL Problems

[DarkTexas]

Hi,

lately we changed our Website + Forums to SSL.
That means, we tried it. It worked on our Main Site but on our Forums it wasn't that cool anymore.
While I changed all Paths (via repair_settings.php) it's fine. But, when you load the page you see for like an second or so, then it goes . Like if it's redirecting wrong.

What's going on?

[br360]

It could be that the page is loading both secure and non secure content. Do your pages have any images or links to sites that are http and not https?

Also, generated Certificate Requests in SHA1 are starting to be flagged by some browsers recently. Do you know if your SSL is SHA1 or SHA2/SHA256?

[DarkTexas]

It could be that the page is loading both secure and non secure content. Do your pages have any images or links to sites that are http and not https?

Also, generated Certificate Requests in SHA1 are starting to be flagged by some browsers recently. Do you know if your SSL is SHA1 or SHA2/SHA256?

The website is having many images. I tried it on another directory like 'https://gljclan.de/share/11-38-36_24.10.15.png'; and there it's green. So It's having something to do with the Forums itself. You mean like iframes or stuff etc by unsecure content? Images that are not https?

[br360]

Ok, I'm not an SSL expert by any means, but looking at your site it appears that there are a few issues.

First is that you can cruise your site without even typing in https (just your site url), which means that you should probably set up forcing https in all pages in your .htaccess file. Take a look at this link for some more info- http://www.inmotionhosting.com/support/website/ssl/how-to-force-ssl-using-the-htaccess-file

If you inspect element on your index page and look at your console, you will see that some of your images are loading over http, and your style.css is loading http links and not https.

Also, when viewing your certificate it is saying that it is being encrypted with an obsolete cipher suite. That probably wouldn't cause the issue you are referring to, but if your host could help you get you set up with a modern cipher suite, it would be better.

[DarkTexas]

Ok, I'm not an SSL expert by any means, but looking at your site it appears that there are a few issues.

First is that you can cruise your site without even typing in https (just your site url), which means that you should probably set up forcing https in all pages in your .htaccess file. Take a look at this link for some more info- http://www.inmotionhosting.com/support/website/ssl/how-to-force-ssl-using-the-htaccess-file

If you inspect element on your index page and look at your console, you will see that some of your images are loading over http, and your style.css is loading http links and not https.

Also, when viewing your certificate it is saying that it is being encrypted with an obsolete cipher suite. That probably wouldn't cause the issue you are referring to, but if your host could help you get you set up with a modern cipher suite, it would be better.

Yeah, saw the console.. :/ Is that having something to do with  style.css ? Where can i find my style.css file?

Also i saw "Mixed Content: The page at 'https://gljclan.de/index.php?action=profile'; was loaded over HTTPS, but requested an insecure script 'http://s7.addthis.com/js/250/addthis_widget.js?_=1445680999521';. This request has been blocked; the content must be served over HTTPS." in the Console, What's that O_o

for me it looks like if I change that it would work

[br360]

The first things I would do is go into your admin » Server Settings » Database and Paths and make sure that where it says "Forum URL", it is https://gljclan.de

Then I would run repair settings again just to make sure that all the links are in fact https and that you didn't accidentally miss one that still says http:

After that I would really set up your .htaccess file to ensure that it forces all pages to be https. Right now I can cruise your forum with just typing in gljclan.de. When I do that it should automatically force me to https://gljclan.de and it's not.

[DarkTexas]

The first things I would do is go into your admin » Server Settings » Database and Paths and make sure that where it says "Forum URL", it is https://gljclan.de

Then I would run repair settings again just to make sure that all the links are in fact https and that you didn't accidentally miss one that still says http:

After that I would really set up your .htaccess file to ensure that it forces all pages to be https. Right now I can cruise your forum with just typing in gljclan.de. When I do that it should automatically force me to https://gljclan.de and it's not.

Checked Repair Settings and the Paths again; everything set to Https. I tried an Script Blocker... and see.. it's working. So I'm 100% Sure it's having something todo with the Script which i was showing already. Do you know where I can change the Script's URL to https? - I mean where I find the script.

[DarkTexas]

bassicly I just want to know where I can find the line where



is Embed.. What file?

[Kindred]

That is part of the add-this mod, I have handles adding social share stuff....    You under have to either remove that mod or take it up with the author of that mod...

[DarkTexas]

That is part of the add-this mod, I have handles adding social share stuff....    You under have to either remove that mod or take it up with the author of that mod...

I do not have any mod installed which is for sharing stuff or add things ;/ just social login - is that possible?

[DarkTexas]

fixed; It was SA-Chat.

[Jailer]

Your site can still be browsed via http. You need to change your server config to force https.