Well..
Been struggling with this for a few hours now. So I decided it would be best to ask here.
On a fresh debian wheezy server elgg is working fine.
But then I decided to implement SSL.
Seems the CSS is missing when SSL is used. I have searched all over the net for anyone who is having a similar problem and have come up empty.
I located a brief mention that if Elgg was installed as localhost this could cause a problem. But Elgg was installed with it's domain name. I have checked to make sure that all pathnames include a trailing slash. (and they do)
I have followed 2 different SSL setups for debian and both display the same symptom. Funnily enough I can access myphpadmin (https://au0.org/phpmyadmin) using SSL and experience no issues. So I do believe SSL is functioning correctly. However I am happy to be proved wrong.
Here is my SSL URL https://au0.org and here is the site without SSL http://au0.org
Any or All help appreciated.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
Ahh I just did a few tests with various browsers.. IE gives the option of "Display only secure content".. When I say "NO" the CSS operated on the site with SSL..
The login page then appears correctly... Hmmm Interesting..
Ok.. I am off to do more googling..
Where I found this..
Resolving Unsecured Content on Secure Pages With SSL
You've taken all the steps necessary to make sure your site is secure, and you want your customers to be confident that their personal information is kept confidential. Even though your site is protected by your SSL certificate, customers may still receive messages that the page they're viewing contains unsecured content if there are images or other elements that haven't been encrypted.
When you have an SSL certificate installed on your store, it attempts to encrypt all of the elements on your store's secure pages (e.g. the checkout page). If all elements on the page cannot be encrypted, customers will see an "unsecured content" message and, in some browsers, customers may see a broken padlock icon.
Though these messages do not indicate a failure of the SSL certificate, they can still be scary to customers and drive your store's conversions down. Below are the three most common issues in your store that can cause an "unsecured content" message and tips on how to correct the issues.
Error Explained
When your store's SSL certificate fails to encrypt all of the elements on a page (e.g. forms, textboxes, images, etc.), customers receive an "unsecured content" pop-up message.
To resolve the error, all you need to do is find the elements on the page that cannot be encrypted and make some minor modifications.
Images Hosted on Your Store
Any time an HTML image link is created within a page using the entire, "absolute" URL for the image file's location, the resulting image link will not be encrypted by any SSL on the site.
For example, the following image link cannot be encrypted by an SSL certificate:
<img src="http://www.yourvolusionstore.com/assets/photo1.jpg">
To correct this issue, simply remove your store's domain from the image tag, creating a relative link:
<img src="/assets/photo1.jpg">
See: http://support.volusion.com/article/resolving-unsecured-content-secure-pages
Hmmm.. so does this mean I need to modify every URL in the code?? *sigh
I hope not.. That would put an end to my Elgg experiment..
Surely someone has a "fix" for this...??
Check this plugin, I think it can help you: https://github.com/beck24/image_proxy
Ty for the suggestion.. Javier.. Installed it.. But no changes observed.. :( au0.org is completely "out of the box" by the way.. This was the first module I had installed. So I am having this issue on a stock standard installation.. Just for anyone's information.. Cheers. (About to crash out.. I will check here when I next wake.)
Is the domain in your settings set to https?
If not then this makes sense, you request the page via https but it in turn loads all assets from the configured domain which is not https and the browser blocks it due to security.
If I set the domain in settings to https within Elgg then nothing works.. I lose all access to the site.. Forcing me to edit the database via phpmyadmin back to http to regain access. Perhaps an alternate .htaccess is required?
@CountrySA Read it:
http://httpd.apache.org/docs/2.4/ssl/
http://httpd.apache.org/docs/2.4/ssl/ssl_faq.html
RvR can you just tell me where I have gone wrong?? As I have already said.. https works fine for phpmyadmin.. (as proven by the above links)
- Previous
- 1
- 2
- Next
You must log in to post replies.