Insecure even with SSL? « Gravity Support Forums

Gravity Support Forums » Plugin Support » Gravity Forms Authorize.Net Add-On

mcollinsblog
Member

After much hair pulling and screaming, I was able to get an SSL certificate installed through my host.

However, Gravity Forms still displays the "this page is insecure" warning on my form (I'm going through Authorize.net).

Apparently this is due to wordpress pulling in elements through http:// to save resources (so said my genius web developer friend).

Unfortunately, I have no idea how to rectify this issue. I tried downloading Better WP Security and forcing HTTPS on just the registration page, but that creates a redirect loop.

The certificate is up and installed correctly, have ran a bunch of checks to make sure of that. So why am I still getting the error? Any way this can be fixed?

Here are some reference URLS:

my site:

http://www.texasshredderclassic.com

registration:

http://www.texasshredderclassic.com/registration

I've disabled the SSL on the registration, so it's not redirecting infinitely anymore.

Any help would be GREATLY appreciated. I really need to get this up and running soon and have no clue whatsoever what I should be doing.

Posted 11 years ago on Wednesday December 12, 2012 | Permalink
Chris Hajer
Key Master

Michael, I am still getting the redirect loop on the registration page. I tried some other pages on the site but they do not appear to be using SSL.

The webpage at https://www.texasshredderclassic.com/registration/ has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

Enabling SSL for all your assets is beyond the support we can give for Gravity Forms. But if we can at least see the page maybe we can help you force SSL for some items.

I did find this article which seemed useful for troubleshooting:
https://managewp.com/wordpress-ssl-settings-and-how-to-resolve-mixed-content-warnings

Posted 11 years ago on Wednesday December 12, 2012 | Permalink
mcollinsblog
Member

Hey chris,

Just turned off the "force SSL" for that page, so you can see it now... but it's not secure.

Does this help?

http://www.texasshredderclassic.com/registration

Posted 11 years ago on Wednesday December 12, 2012 | Permalink
Chris Hajer
Key Master

When I look at the source of your page, none of the assets are being loaded over SSL/https. Can you please check the configuration of that plugin, or try another plugin to force all assets for this one page over SSL.

~~The warning that Gravity Forms is putting up is accurate. There are insecure items on your page. It's up to you to force them all through SSL to prevent this warning.~~

UPDATE: accessing the page with SSL turned off will not help. I just realized that's what you did. The page will need to be forced over SSL. You need to figure out why that results in a redirect loop on your site. That is the first step. We will need to see the page secured with SSL to be sure the warning goes away.

Posted 11 years ago on Thursday December 13, 2012 | Permalink
mcollinsblog
Member

Okay, how about now?

https://www.texasshredderclassic.com/registration/

You can get to it and it's HTTPS, but it still gives me the insecure error. Thanks!

Posted 11 years ago on Thursday December 13, 2012 | Permalink
Chris Hajer
Key Master

That page is loaded over https, but all the images and everything else on the page are not. If you view the source of the page, the images and scripts and styles are all still http://, not https://. Everything will need to be loaded over https before that warning will go away. Normally an SSL plugin will force that for you. It does not appear the plugin you're using is doing that yet. Can you try a different SSL plugin for WordPress, or look further into configuring the plugin you are using?

Posted 11 years ago on Thursday December 13, 2012 | Permalink
alindgren
Member

I am having the same issue. I think all my content is secure now (I checked Chrome console) and the page is loaded over HTTPS.
https://www.svs.org/?page_id=996

Posted 11 years ago on Thursday December 20, 2012 | Permalink
alindgren
Member

Another thing to note - when I check "Force SSL", it goes into an endless redirect loop. I had previously been using WordPress HTTPS plugin to do the redirect but I disabled it incase there was a conflict.

Posted 11 years ago on Thursday December 20, 2012 | Permalink
Chris Hajer
Key Master

@alindgren, that page appears to be secured with SSL. But I can't get past the password protection to see the Gravity Form. Do you still need help with this?

Posted 11 years ago on Thursday December 20, 2012 | Permalink
alindgren
Member

Yes, I had to password protect it at the client's request. I emailed the password to priority@gravityforms.com.

Thanks

Posted 11 years ago on Thursday December 20, 2012 | Permalink
fishinstud
Member

This is a unique site where a handy tool lives. Give this a shot: http://www.whynopadlock.com/

Posted 11 years ago on Sunday January 20, 2013 | Permalink
Chris Hajer
Key Master

Thanks for that link.

Posted 11 years ago on Monday January 21, 2013 | Permalink
subculturemk
Member

I am having the same issues. Took me forever to get an SSL on the page but now I am having the same problems as everyone else... PLEASE HELP!

riseafoodfest.com/food-vendor-application/

Posted 11 years ago on Thursday March 28, 2013 | Permalink
Chris Hajer
Key Master

I got a security exception from Firefox right away, about an invalid cert because it is self-signed. Are you talking about that error, or something else? Screenshot: http://minus.com/lbjmNxLKlV4qne

Also, if you check your page with this tool, you will see all sorts of resources not being loaded over SSL, which is why you have a warning: http://www.whynopadlock.com/

Normally you need a plugin to force all your WordPress resources over SSL. Here is one such plugin: http://wordpress.org/extend/plugins/wordpress-https/

Posted 11 years ago on Saturday March 30, 2013 | Permalink