Address bar does not turn green during SSL communication
Asked 1 years ago, Updated 1 years ago, 133 viewsI signed up for my own SSL in Lollipop and changed the URL to https, but the address bar does not turn green. Is the display problematic or white paper?
I looked it up and found out that
The connection to dummty.co.jp is encrypted with the old cipher suite.
In addition, this page contains other unsafe resources.This resource may be visible to other users during transmission.Also, malicious users can modify the page and change the appearance of the page.
This connection uses TLS 1.0.
This connection is encrypted with AES_256_CBC, HMAC-SHA1 for message authentication and DHE_RSA
for the key exchange mechanism.
is in use.
TLS renegotiation extension is not supported on this server.
The message came out. Do I need to make any configuration changes in the lollipop to make it green?
php wordpress ssl https
4 Answers
Assume that Google Chrome displays the following:
The message in the question says it contains unsafe resources.This means that the page itself is loaded with HTTPS, but some resources are loaded with HTTP.Check to see if the URL reads any images or scripts that begin with http://.
Because HTTP does not encrypt or validate the destination, the header information can eavesdrop on the source and destination URLs, or tamper with the imported resources.Even though the site claims to be safe with HTTPS.That's why the browser shows it.
In addition, EV SSL with take88 written on it will display the company name in addition to the green key icon.
Instead, domain authentication SSL is fine as long as the green key icon below is the only one.
Unfortunately, I think you need to obtain an EV SSL certificate from a non-Lollipop certificate authority.
The address bar turns green only for EV SSL certificates and not for other certificate types. Looking at the proprietary SSL in the roll-up, it looks like the certificate "Quick Authentication SSL for GMO Global Signs"
"The proprietary SSL provided by Lollipop! utilizes GMO Global Signing Company's Quick Authentication SSL."
The SSL server certificate type in the GMO global sign indicates that it is "domain authentication" and not "EV SSL certificate."
The icon on the far left of the chrome address bar depends on the server certificate and the chrome policy.
Today's Chrome version is 47.0.2526.80m, but for this version
- http, i.e., when unencrypted, paper icon
- When the server certificate is a sha1 signature, the paper icon (asserts that it is no longer secure)
- Green lock icon when server certificate is sha2 signature
- Green lock + company name
for EV SSL certificates
- When mixed http/https, yellow lock icon with △paper icon
- Red x lock icon (certificate incorrectly used, truly fraudulent site, etc.)
鍵Please distinguish between keys and locks.
In the case of old chrome, the sha1 signed server certificate was also displayed on the green lock icon.
In the latest version, there was a policy change, so it became a paper icon.
Therefore, if you want to release the green lock icon in the current version of Chrome,
"I think ""reacquire certificate with sha2"" will be the answer."
(You should also be aware of intermediate certification authorities.)
I think the details have been finalized, so
http://blog.livedoor.jp/k_urushima/archives/1750289.html
Abandoning the sha1 signature certificate and turning it into a sha2 signature certificate also means truncating equipment.
Equipment that does not support sha2 signature certificates, for example,
- Galapagos phone
- Windows XP
- Additional Embedded
It is likely that
If it's a page that only expects to be viewed on a computer, there's no problem with using a sha2 signature certificate.
If you see more users on the Galapagos phone, you may not be able to switch...
How many Windows XP users are there now?
If you have any answers or tips
© 2024 OneMinuteCode. All rights reserved.