Missing padlock
- 22/01/2021 15:33
Once an SSL certificate has been installed on a website, you can access that website by typing https:// at the beginning of the address rather than just http://. If everything is setup correctly, then you web browser will display a padlock to indicate that the website is secure or even a green address bar if you have an EV certificate.
If something is wrong with the certificate, then you web browser will most likely display a very prominent error message or may even prevent you from loading the page at all.
However, if the page loads without any errors but doesn't display a padlock when using https:// then you likely have a mixed content problem. This means that whilst the main page itself is loading securely, there are parts of the page which are still loading insecurely and so the whole page cannot be considered fully secure.
How to fix a mixed content error?
Mixed content errors are caused by some of the content on the page such as CSS files, Javascript files, images or fonts loading via absolute URLs that are using http:// instead of https://. In order to fix this, you need to check the source code of your website to find and replace any instances of http:// with https://.
Finding mixed content quickly
Most web browsers have some form of developer tools which allow you to view the page source, network requests and responses as well as any errors that the page generates. This error console would also display messages about any content that cannot be loaded due to being insecure.
In Safari go to Safari > Preferences then the Advanced tab and tick the "Show Develop menu in the menu bar". You should now have a Developitem in the menu bar so you can go to Develop > Show JavaScript Console.
In Firefox go to Tools > Web Developer > Network to display a list of page resources and where they were loaded from, insecure resources won't show a green source.
In Chrome go to View > Developer > Developer Tools and then click on the Security tab to display a quick summary of the page security.