Ssl – Your SSL is partically encrypted

apache-2.2magentossl

In Chrome,

I'm getting this message for my Magento site on payment page.

The site uses SSL, but Google Chrome has detected either high-risk insecure content on the page or problems with the site’s certificate. Don’t enter sensitive information on this page. Invalid certificate or other serious https issues could indicate that someone is attempting to tamper with your connection to the site.

I heard that external links may be an issue for this so I have taken out all of them but it still comes up with this error?

What could be wrong?

Best Answer

From your comments it sounds like you don't have the intermediate certificate installed on the server. You need to have the private key, any intermediate certificates, and you're site's certificate all installed.

I have no idea how to do this in WHM, as I've never used it, but the capacity must exist. Digicert has this guide, not sure how applicable it is.

Related Solutions

Nginx – Problems with IE/wget confusing a subdomain’s SSL cert with the main domain’s cert

# dig stats.psychicbazaar.com
[...]
;; ANSWER SECTION:
stats.psychicbazaar.com. 3600   IN      A       178.79.183.162
[...]
# dig www.psychicbazaar.com
[...]
;; ANSWER SECTION:
www.psychicbazaar.com.  3600    IN      A       178.79.183.162
[...]

How exactly is your web server supposed to know which certificate to serve for a TLS exchange if you are using the same IP address for both? This won't work:

http://wiki.apache.org/httpd/NameBasedSSLVHosts

As a rule, it is impossible to host more than one SSL virtual host on the same IP address and port. This is because Apache needs to know the name of the host in order to choose the correct certificate to setup the encryption layer. But the name of the host being requested is contained only in the HTTP request headers, which are part of the encrypted content. It is therefore not available until after the encryption is already negotiated.

Nginx – SSL Certificates Throwing Errors Randomly

Assuming that your host that is having the issues is the same as the one listed in your provided screenshot, it appears that there may be a few configuration issues that you should look at. A good first place to start, at least in my opinion, is the following site. The host listed in your image was tested and the results can be seen here. A best practices guide can be found here.

Now, on to your original issue. One of the first things that stands out is the notion that your site works only in browsers with SNI support. SNI does not work on Windows XP, even with Internet Explorer 8, since it depends upon particular SCHANNEL components that are OS based and not browser based. More information about browsers and SNI support can be found here. The issues that were observable within your original evidence screenshot also indicated an issue with the certificate chain; which could require changes to your CSR or the way that you implemented the certificate and related intermediate certificates on your web server.

RapidSSL has an excellent walk-through for installing their certificates and it can be found here. There also appears to be a difference when connecting to the site listed in your screenshot from www.fqdn.com and just fqdn.com. That may be something that you want to look into as well.

It looks like you have a couple more things to look at and once they are resolved, it should help with some of the issues you were originally seeing. I hope that this helps.

Best Answer

Related Solutions

Nginx – Problems with IE/wget confusing a subdomain’s SSL cert with the main domain’s cert

Nginx – SSL Certificates Throwing Errors Randomly

Related Topic