HTTPS : Secured and non secured item with absolute path

Hi,

I have a <img src = "http:// ..."> which needs to be put in a secured
page. For example on amazon when the confirmation page is displayed...
The problem is that it's a secured page (https) and my tag is an
absolute path... It looks like it's the problem because the tag is not
secured. What are the possible solution to display the image without
the warning message?

Thanks

trihanhcie (AT) gmail (DOT) com wrote:

Quote:

I have a <img src = "http:// ..."> which needs to be put in a secured
page. For example on amazon when the confirmation page is displayed...
The problem is that it's a secured page (https) and my tag is an
absolute path...

An absolute URL to an HTTP URL.

Quote:

It looks like it's the problem because the tag is not
secured.

The tag is irrelevant, it is the means used to access the image.

Quote:

What are the possible solution to display the image without
the warning message?

Copy the image so it is available under the HTTPS server, then access it
there.

--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is

trihanhcie (AT) gmail (DOT) com wrote:

Quote:

I have a <img src = "http:// ..."> which needs to be put in a secured
page. For example on amazon when the confirmation page is displayed...
The problem is that it's a secured page (https) and my tag is an
absolute path... It looks like it's the problem because the tag is not
secured. What are the possible solution to display the image without
the warning message?

Presuming this is your own site and not Amazon's:

- Make the DocumentRoot for the secure and non-secure sites the same.
- Change <img src = "http:// ..."> to <img src = "https:// ...">.

--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)

What do you mean by
- Make the DocumentRoot for the secure and non-secure sites the same. ?

Do I have to by a certificate on my site to change it to a secure site?


Thanks ^^

trihanhcie (AT) gmail (DOT) com wrote:

Quote:

What do you mean by
- Make the DocumentRoot for the secure and non-secure sites the same. ?

I am using terms for the Apache web server.

To support the HTTPS protocol your web server must have a (virtual) host
defined for it, just as you have for HTTP. HTTP, port 80, has a "home" or
"root" directory, the DocumentRoot. HTTPS, port 443, must also have a
"home" or "root" directory. Make those two the same.

Quote:

Do I have to by a certificate on my site to change it to a secure site?

Yes.

--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)

In article <bLidnbbXia1NyPTZRVn-pA (AT) giganews (DOT) com>,
Jim Moe <jmm-list.AXSPAMGN (AT) sohnen-moe (DOT) com> wrote:

Quote:

trihanhcie (AT) gmail (DOT) com wrote:

Do I have to by a certificate on my site to change it to a secure site?

Yes.

I agree. But you can create your own certificate IIRC. I did it a few
years ago for testing purposes using SSL. Browsers will throw up a
warning indicating it is not a *certified* certificate. If you get one
of those warnings, pay attention ;-)

leo

--
<http://web0.greatbasin.net/~leo/>

Well the aim is in fact to avoid a warning ... What I mean is :
If Amazon put <img src = https://www.mysite.com?id=..> on his
confirmation page (https://www.amazon.com/...) and I have my own
certifate IIRC, will the user have the warning?

Oups sorry i thought it was the name of the certificate IIRC... How did
u create your own certificatE? :s

Leonard Blaisdell wrote:

Quote:

Do I have to by a certificate on my site to change it to a secure site?

Yes.

I agree. But you can create your own certificate IIRC. I did it a few
years ago for testing purposes using SSL. Browsers will throw up a
warning indicating it is not a *certified* certificate. If you get one
of those warnings, pay attention ;-)

Yes, it is easy enough to create your own. But, as you say, because

there is no chain of authority, browsers (are supposed to) warn the user
about the dodgy certificates ("Do you really really trust this site?").
Authoritative certificates are cheap enough, $50 - $300, depending on
the type and period of validity.

--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)