- What is SSL?
- Why SSL?
- PKI Overview
- SSL Certificate Features
- Ordering a Certificate
- What is a CSR?
- SSL Certificate Installation
- SSL Certificate Errors
- SSL Details
- Special Types
- Copying a Certificate
- The Most Common Java Keytool Keystore Commands
- How to Create and Install an Apache Self Signed Certificate
- How to Create a Self Signed Certificate in IIS 7
- SSL Certificates in Google Chrome
- SSL Host Headers in IIS 7
Stop the "page contains secure and nonsecure items" warning
Are your SSL web pages plagued by the browser warning "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?"
1. Change all URLs to https
<img src="https://www.domain.com/image.gif" alt="" />
This may not work if you are loading an image from another site that does not have SSL set up. Also, with this method you'll be loading SSL images even when the client is loading from a non-secure page. This will add extra processing load on the server and client. This is definitely not recommended for a high volume site.
2. Change all links to // or make them relative
Rather than changing all the links to https://, change them to just //
<img src="//www.domain.com/image.gif" alt="" />
Alternatively, if the images or scripts are located on the same domain, you can access them relatively, rather than absolutely:
<img src="image.gif" alt="" />
Using this method, the browser will know that it must load the image securely if the web page is being loaded securely but it will also load the image normally if the page is not being accessed securely. The image will still need to be available on the other server securely. This is likely the best method of getting rid of the pesky "Do you want to display the nonsecure items?" warnings.
3. Change the browser settings
It is best to change the code of the page that is giving the error, but if you don't have access to change the code, you can always tell your personal web browser not to display that message. To do so follow these steps for Internet Explorer:
- Go to Tools, Internet Options.
- Select the "Security" Tab and then click on the "Custom Level" button.
- Scroll down until you see the option: "Display mixed content". Select "Enable".
- Click Ok. Then you will get a "Security Warning" pop-up. Click Yes.
One common reason that this warning shows up is using normal Google Analytics code on a secure page. It is a simple fix to enable Google Analytics on a page using SSL.