SSL Problem - Display Secure and Non-Secure

Shopping Cart nopCommerce 1.7     Theme nopclassic     my web site: www.blmgifts-bronnleyusa.com

I've purchased the SSL and my hosting company "Arvixe" installed the Certificate for me.  I went into the web.config file in my root directory and change the UseSSL to "true".  I've also gone into my Global Settings:  the Encryption private key has a number filled in and I've checked the Login captcha image enable and checked the Registration captcha image enable.  

My problem is when I go to my shopping cart from my main web site a pop-up security warning appears "Do you want to view only the webpage content that was delivered securely?  This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.    (I think the unsecure items are the pictures of my product that are added to the shopping cart).  If you say "Yes" then the pictures are removed and if you say "No" then the pictures remain.  

But when you leave the shopping cart to go back to the main home page, it keeps you in the https: web site instead of switching back to the non-secure web site and if you  said "Yes" to the security window, all the pictures are removed form the site.  On the home page that is now secure (https), if you go into a "Category" page from the Navigation links, it throws you back into the regular "http" website and not the secure site.  

Is there a way to fix the "pop up security window" and also how to return to the regular "home" page when leaving the shopping cart.

Any help would be greatly appreciated!

you have a few scripts running on the secure pages - I think this is what's causing the problem

Is there a way that I can find out what scripts are running on the secure pages?  I know on the home page I have a script running - the marquee scroller that runs across the home page.   That is the only script I've added to the site that I can remember.  

Thanks

A good way is to use FireFox with the FireBug extension. This will list all get requests on the page with the URLs.
Using FireBug and browsing to https://www.blmgifts-bronnleyusa.com/default.aspx The unsecure objects are:

http://www.blmgifts-bronnleyusa.com/Scripts/jquery-1.4.min.js
http://www.blmgifts-bronnleyusa.com/Scripts/jquery.li-scroller.1.0.js
http://www.blmgifts-bronnleyusa.com/Scripts/crawler.js
http://www.blmgifts-bronnleyusa.com/images/thumbs/0000159_100.jpg
http://www.blmgifts-bronnleyusa.com/images/thumbs/0000473_250.jpg
http://www.blmgifts-bronnleyusa.com/images/thumbs/0000163.gif
http://www.free-easy-counters.com/track.php?page=63045&style=comic_book&nbdigits=5&reloads=1


HTH,

Chris

Chris, THANK YOU! so much for the report that you ran, it saved me so much time trying to figure out what was throwing the error message.   I'm going to have to learn how to use FireFox with the FireBug extension.  

This is what I did to fix my problem, if I’ve done something incorrectly or something that will cause a problem with my site, please correct me.  

I went to my master root file and changed the scripts to be https: instead of http: , I then uploaded those changes.

Then I went to my home page, which is where the images were located that also showed up as “un-secure” and changed the location address to these images the same way, adding an “s” to the http: (<img alt="pic" src="https://www.blmgifts-bronnleyusa.com/images/thumbs/0000159_100.jpg" />)

I’ve ended up deleting the free counter on the page and will put one back up when I can figure out how to make it secure.  

Once I made these changes, I went back into my web site and was able to go to my shopping cart and back to the home page without any “security” pop-up windows appearing.  

A huge thank you to everyone who responded to my request and helped me fix my errors, again if anything I've changed is incorrect, please let me know and I'll fix it.

Hi,
I'm glad your issue is now resolved!

However, instead of referencing your full url for a script or image you can just use a virtual path; for example, instead of using:
http://www.yourstore.com/images/products/product-123.jpg

you can remove the 'http://www.yourstore.com' and use:

/images/products/product-123.jpg

as long as the url of the page and image are the same.
This will mean that you wont need to worry about referencing http(s) as it will be done automatically.

With regards to stats counters - Google Analytics support is already included in nopCommerce.

Regards,

Chris

hey guys

i have a relative issue

im on 1.90 http://www.lebanese-market.com/

after i login with username, it redirects me directly to my homepage but https and says that only secure content is shown but nothing is really not shown

why after login it redirects to https and not to http ?

if i click on anything in categories or new products or product,
it will go back to http but the username is not visible and if i add something it will add it to MY CART as in it knows the logged username

is there something we should do ?
im not live yet and only the first 2 manufacturers have products

thanks ahead for a great software

finally after a week of searching the web about the nopcommerce and SSL errors
i saw that everyone was having the same issue as me
after login the user is redirected to a homepage HTTPS and an error of security is displayed that not everything is secured
this made quite a concern for me and i think for others

so, this is the solution i did and no more error on the https homepage (which was the issue)

you go to master.root.cs and you add the last 2 entries from the below

hope that solves your worries about nopcommerce because it still is one of the best solutions out there
please confirm if this solves your error on homepage

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using NopSolutions.NopCommerce.BusinessLogic.Configuration.Settings;
using NopSolutions.NopCommerce.BusinessLogic.Infrastructure;

namespace NopSolutions.NopCommerce.Web.MasterPages
{
    public partial class root : BaseNopFrontendMasterPage
    {
        protected void RenderAnalyticsScript()
        {
            if (this.SettingManager.GetSettingValueBoolean("Analytics.GoogleEnabled"))
            {
                string googleJS = this.SettingManager.GetSettingValue("Analytics.GoogleJS");
                //string googleId = this.SettingManager.GetSettingValue("Analytics.GoogleId");
                //string analyticsString = string.Format(googleJS, googleId);

                Literal script = new Literal() { Text = googleJS };
                string placement = this.SettingManager.GetSettingValue("Analytics.GooglePlacement").ToLowerInvariant();
                switch (placement)
                {
                    case "head":
                        {
                            this.phAnalyticsHead.Controls.AddAt(0, script);
                        }
                        break;
                    case "body":
                    default:
                        {
                            this.phAnalyticsBody.Controls.AddAt(0, script);
                        }
                        break;
                }
            }
        }
        protected override void OnPreRender(EventArgs e)
        {
            //bind analytics scripts
            this.RenderAnalyticsScript();

            base.OnPreRender(e);
        }
        
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!Page.IsPostBack)
            {
                CommonHelper.EnsureSSL();
            }

        public override PageSslProtectionEnum SslProtected
        {
            get
            {
                return PageSslProtectionEnum.Yes;
            }
        }
    }
}