+ Start a Discussion
EIE50EIE50 

SSL Error when vf page is loaded everytime

I have a portal in my production org, and every time a user tries to load the page, a pop up appears saying, this page contains both secure and nonsecure items. Do you want to display non-secure items? It doesnt matter if i click yes or no as there is no change in the display of the page. Users have started complaining on this as they keep getting this popup everytime they try to load the page.

 

I had the same isssue in sandbox and thought once we move to prod it should be fine. But still the prob persists. Does anyone has an idea why this is occuring and how to resolve this?

 

Thanks.

Best Answer chosen by Admin (Salesforce Developers) 
BrendanOCBrendanOC

If you are losing the styles, your server may not be configured for HTTPS.  What happens when you type in https://www.yoursite.com/favicon.ico in a new browser window?

 

If your site is not listening on HTTPS, you will need to configure your webserver to listen on port 443 and support SSL.  This is a relatively straight-forward process for all major web servers (IIS, Apache, WebSphere, etc.)

 

As long as those links on your portal login page are pointing to HTTP:// instead of HTTPS:// most browsers will continue to display the mixed content warning.

 

If you're not able to configure HTTPS on your server, you should be able to host those style sheets and images within salesforce.

 

Hope that helps!

All Answers

BrendanOCBrendanOC

It sounds like some HTTP content is being loaded within the portal login page.  Portal login pages should be over HTTPS, but many browsers will dispaly a mixed content warning if there is anything loaded via HTTP.

 

Can you look at your Portal page and see if any CSS, Images, Headers, Footers, etc. are set to http:// instead of https:// ?

 

An easy way to do this is to browse to your portal login page, click View Source in your browser, then do a search for http://

 

Hope that helps.

EIE50EIE50

Hi,

 

Yes i am referring the java script / css from an http site in my site /portal. How do i get rid of the pop up? should i recreate all the css / java script in salesforce rather than referring from an external site?

 

Thanks.

Ispita_NavatarIspita_Navatar

By default, Internet Explorer displays the following security warning message when a page contains a mixture of secure (HTTPS) and non-secure (HTTP) frames: is page contains both secure and non-secure items. Do you want to display the non-secure items?


When you create a web tab with a non-secure URL, users may see this warning message, depending on their browser security settings.


To suppress this warning in Internet Explorer, follow the steps listed below.


1. From the Internet Explorer tools menu, select "Internet Options".
2. Click the security tab and click the "Custom Level" button.
3. In the miscellaneous section, set "Display Mixed Content" to Enable.
4. Click OK and close all browsers and open them again in order to refresh.

 

Did this answer your question? If not, let me know what didn't work, or if so, please mark it solved.

EIE50EIE50

Hi,

 

I tried as you said, and still i see the same pop up message. Should i check any other settings? This prob is being faced by a big number of our customers when they use portal. Is there any other way this could be resolved?

 

Thanks,

Senthil

BrendanOCBrendanOC

In my opinion, its not a good idea to supress the browser warnings.  You're fixing the symptom instead of the problem.

 

To fix the problem, change your links to HTTPS instead of HTTP.

EIE50EIE50

Hi,

 

I am referring the style sheets from an external site, like

 

eg:   <link href="http://www.abcde.com/favicon.ico" type="image/ico" rel="shortcut icon" />
<link rel="stylesheet" type="text/css" href="http://www.abcde.com//styles/3col.css" />

when i change this to https, i am loosing the styles and i am seeing awkward display.

 

Thanks.

BrendanOCBrendanOC

If you are losing the styles, your server may not be configured for HTTPS.  What happens when you type in https://www.yoursite.com/favicon.ico in a new browser window?

 

If your site is not listening on HTTPS, you will need to configure your webserver to listen on port 443 and support SSL.  This is a relatively straight-forward process for all major web servers (IIS, Apache, WebSphere, etc.)

 

As long as those links on your portal login page are pointing to HTTP:// instead of HTTPS:// most browsers will continue to display the mixed content warning.

 

If you're not able to configure HTTPS on your server, you should be able to host those style sheets and images within salesforce.

 

Hope that helps!

This was selected as the best answer
EIE50EIE50

Hi,

 

When i type https://www.mysite.com/favicon.ico in a new browser window, the link doesnt work, i get a message saying that link appears to be broken.

 

So i think i should start planning of hosting those style sheets within salesforce. This is such a pain.

 

Thanks.

EIE50EIE50

I have a small doubt regarding this issue. I am using external hyperlinks in my portal ( just the hyperlinks to redirect user to the respective site) and they are all http as well. Apart from css problem that we discussed y'day, can this hyperlinks be a problem too?

 

Thanks

BrendanOCBrendanOC

Hyperlinks shouldn't be a problem.  The warning will only occur when page elements and content are served from a mixture of HTTPS and HTTP.  Browsers will also warn on form actions that switch protocol, such as an HTTPS page that Posts via HTTP. ex: <form action="http://mysite.com/page">

 

Depending on the browser, it may warn the user that they are leaving an encrypted page if they click on an HTTP hyperlink within an HTTPS page, but it should not give them the mixed content warning when the page loads.

EIE50EIE50
Thanks!!!