Browser Changes & SSL Certificate Errors

,

Many secure, SSL webistes today now appear “insecure”, and give security warnings, Google’s Chrome browser, starting with version 57, released in January 2017, was the first browser to go to these extremes. Apparently in an effort not to be undone, Firefox followed suit, although it offers much more pertinent information.

What has happened is that if a web page has any local content that is insecure within it, the browser raises an alarm to alert the user. Unfortunately, many a good site has been caught up in this mess. it will even declare a site as “Unsafe” if it has image links that are insecure. Many of these sites simply have badge icons to reflect affiliations. For instance:

The “Manta” badge icon might be displayed as an image link : http://www.manta.com/manta/images/mantaBadge_sm.png and a Facebook icon might be displayed like this: http://en.facebookbrand.com/assets/f-logo

The SSLTOOLS website is a good place to check for insecure content that might upset a web browser: http://www.ssltools.com/.

I have developed this site in WordPress and after changing the site to use SSL, I had trouble because not all local site content was converted to use SSL. For example, I had issues with: 

http://www.jaredsec.com/wp-content/themes/notes/themify/img/social/google-plus.png
http://www.jaredsec.com/wp-content/themes/notes/themify/img/social/twitter.png
http://www.jaredsec.com/wp-content/themes/notes/themify/img/social/facebook.png
http://www.jaredsec.com/wp-content/themes/notes/themify/img/social/youtube.png
http://www.jaredsec.com/wp-content/themes/notes/themify/img/social/pinterest.png
http://www.jaredsec.com/wp-content/themes/notes/skins/orange/style.css

When I dumped the SQL database, I found a multitude of problems; nothing with WordPress Core, but plugin-related links. To solve the problem in one fell swoop, I used four steps:

  1. Dump the SQL database to a file
    mysqldump –user=DBUSER –password=DBUSERPASS DBNAME > FILENAME.sql
  2. Backup the SQL database file, just in case
    cp FILENAME.sql FILENAME.bak
  3. Replace site-related http strings with https in the file
    sed -i -e ‘s/http://www.DOMAIN_NO_TLD/https://www.DOMAIN_NO_TLD/g’ FILENAME.sql
  4. Load the file back into MySQL
    mysql –user=DBUSER –password=DBUSERPASS DBNAME < FILENAME.sql

When it was all done, I did have a few small problems with my theme, but nothing that affected content at all. No more browser warnings!