1

In Chrome,

I'm getting this message for my Magento site on payment page.

The site uses SSL, but Google Chrome has detected either high-risk insecure content on the page or problems with the site’s certificate. Don’t enter sensitive information on this page. Invalid certificate or other serious https issues could indicate that someone is attempting to tamper with your connection to the site.

I heard that external links may be an issue for this so I have taken out all of them but it still comes up with this error?

What could be wrong?

Jae Kun Choi
  • 167
  • 1
  • 8
  • Is there a more specific message? I know that in Firefox you can click on More Details and it gives the reason that the certificate is invalid. I don't see anything in what you posted that makes me think that it could be because there is unencrypted content on the page. It's much more likely that you don't have an intermediate certificate installed or you have a SAN wrong or the like. – MDMarra Oct 31 '11 at 00:15
  • I have Web Server certificate installed. Should I install Intermediate Certificate instead? – Jae Kun Choi Oct 31 '11 at 00:35
  • This is in WHM by the way – Jae Kun Choi Oct 31 '11 at 00:35

2 Answers2

1

From your comments it sounds like you don't have the intermediate certificate installed on the server. You need to have the private key, any intermediate certificates, and you're site's certificate all installed.

I have no idea how to do this in WHM, as I've never used it, but the capacity must exist. Digicert has this guide, not sure how applicable it is.

MDMarra
  • 100,734
  • 32
  • 197
  • 329
  • Just found out that intermediate certificate is installed on the server already as same SSL provider was used before. Could this issue be something else then? – Jae Kun Choi Oct 31 '11 at 02:19
  • You have to install the intermediate certificate per-site unless it's specified in the global config. – MDMarra Oct 31 '11 at 02:25
0

From Understanding website security indicators:

Your connection to the site is encrypted, but Google Chrome has detected mixed content on the page. Be careful if you’re entering information on this page. Mixed content can provide a loophole for someone to manipulate the page. This content could be third-party images or ads embedded on the page.

and the other hint is or problems with the site’s certificate.

My guess is that either your certificate is not validated correctly, your webserver is auto-negotiating a version of SSL that Chrome considers insecure or you have incorrectly configured Magento and at least one of the following is happening:

  1. Your images are not being referenced securely. (this includes backgrounds)
  2. Your Javascript source is not being referenced securely.
  3. If you are using Flash, the links within the object class must be secure.

Make sure that all the content included is done in such a way as that it can appropriately be used with SSL - I suggest you review Magneto's documentation.