Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to identify mixed content in https website

I've inherited an ASP.NET web site that has an SSL certificate bought via GoDaddy.

The problem is that the certificate seems to be invalid because of some "mixed content/resources" (I think that's how its called) coming from http sites.

Chrome is showing the red cross over the lock next to https, meaning it's unsecured. The popups says the following:

alt text

Click in "What do these mean?" goes here which says:

The [crossed-lock] icon appears when Google Chrome detects high-risk mixed content, such as JavaScript, on the page or when the site presents an invalid certificate.

The certificate is correct and valid because I tried creating a blank "Hi world" .aspx page and it's showing the green lock with no problems.

Reading a little bit, I found that I should only include images and javascript coming from https sites. The only thing it had coming from http was the addthis widget, but they support https, so I changed to https, but it's still saying that is unsecured.

I've searched for anything else coming from http in the source, but didn't find anything.

Is there some way (site, chrome extension, firefox extension, whatever) that will show exactly which are the resources that are "unsecured"?

I've never dealt with SSL/HTTPS certificates, but I need to fix this issue asap.

like image 811
empz Avatar asked Nov 17 '10 21:11

empz


2 Answers

Check your site in http://www.whynopadlock.com, which will give you a list of url which is not consider as secure by your browser.

like image 55
Gopu Avatar answered Nov 16 '22 02:11

Gopu


Check the chrome console

You will get it like this,

The page at https://xys displayed insecure content from http://asdasda.png.

Make it http site to https then it will work.

like image 44
MANISHDAN LANGA Avatar answered Nov 16 '22 04:11

MANISHDAN LANGA