httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yehuda Katz <yeh...@ymkatz.net>
Subject Re: [users@httpd] Virtual Hosts and SSL Puzzler
Date Tue, 22 Oct 2013 14:03:03 GMT
If the sites you are referencing allow you to access them over https, that
will solve the problem.
My prefered solution is to omit the http: altogether. If a url just starts
with "//example.com/rest/of/url", the browser will use the appropriate
protocol automatically.

- Y


On Tue, Oct 22, 2013 at 9:59 AM, Dennis Putnam <dap1@bellsouth.net> wrote:

>  On 10/22/2013 9:44 AM, Yehuda Katz wrote:
>
> On Tue, Oct 22, 2013 at 9:39 AM, Dennis Putnam <dap1@bellsouth.net> wrote:
>
>> Thanks. That might make more sense (at least to me). After more reading,
>>  I am not sure that I don't have SNI capable version of httpd already
>> installed (how do I tell?). The pages that work are very simple but the
>> one that doesn't is complex and has lots of graphics. If that is the
>> case, why are they not encrypted like everything else (assuming they are
>> not referenced on a different server)?
>>
>
>  As I mentioned, if you don't have SNI, then you should see major
> warnings from the browser that something is wrong when you go to any site
> but the first one.
>
>  As far as finding the offending image: Go to the page in your browser,
> right click on the page and choose view source (or a similar option). Then
> search in the source for http://
> That should let you find which images are not secure.
> If the URLs are publicly accessible, post them here if you want someone to
> have a specific look (or email me privately if you don't want them to be
> public and I will try to have a look).
>
>  - Y
>
>   Ah ha! You hit it. There are references to social media on the page
> that use http (Facebook, LinkedIn and Twitter). Since they reference a
> different site will just changing it to https be sufficient or is there
> some other workaround? Thanks.
>

Mime
View raw message