Tuesday, July 21, 2009

Avoiding the SSL Security Information pop-up message




On the administration consoles, some users get the SSL security information pop-up message with each page turn. How can we prevent this?
Users may see a security message like the one below when working with a site that uses a secure socket layer (SSL):
Security Information
This message contains both secure and nonsecure items. Do you wish to display the non secure items?

Message Information: Downloading non-secure content from a secure Web site.
The Web site you are viewing is a secure site. It uses a security protocol such as SSL (Secure Sockets Layer) or PCT (Private Communications Technology) to secure the information you send and receive. When sites use a security protocol, information that you provide, such as your name or credit-card number, is encrypted so that it can’t be read by other people. However, this Web page also contains items that do not use this secure protocol. Given what you know about this Web site and your computer, you must decide whether to continue working with this site. If you do not feel confident about working with this site, click No.


Root Cause

This message will typically display in the following situations:
A site utilizes SSL, but some items referenced on the site, such as images hosted on other servers, are not SSL protected. In this case, the message is indicating that not all callouts are SSL protected.
The user moves from a site that uses Secure Socket Layer (SSL) to one that does not. If SSL is used, the URL begins with https instead of http; the additional "s" indicates SSL. The message therefore lets the user know that they are leaving an SSL-protected site.


Temporary solution to Block the Popup

Users may not get the security message if they have previously clicked an option that states "Don't warn me again..." or "Always trust..." In addition, users can configure their browsers to not display these alerts. For example, in the case of mixed content messages, users can turn off the pop-up message through the path: Internet Explorer > Tools > Internet Options > Security > Custom Level > Miscellaneous > Display Mixed Content and disable the setting.
As a result, if the user sees the “Don’t warn me again”-type of option, checking this box is the easiest way to avoid multiple warning messages. If your secure site includes a redirect, you may want to verify that the redirect goes to an SSL-protected site that has a URL beginning with https.
If you suspect non-secured images or links are included on your RightNow pages, you should check the files below for any links or references to non-secure items:
home_top.phph
home_bottom.phph
top.phph
bottom.phph
head.phph
Removing the links to non-secure items will prevent the message from displaying.
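
The check described above, as an added example (not from the original post or from RightNow): a Python scan of template markup for http:// references, reporting items the browser loads into the page (the mixed-content case) separately from links and form targets that take the user off SSL. The tag lists, function names and sample markup are assumptions made for illustration, and the scan assumes the template is mostly plain HTML.

```python
import sys
from html.parser import HTMLParser

# Tag/attribute pairs the browser fetches into the page itself; an http:// URL
# here on an https page is what raises the mixed-content prompt.
SUBRESOURCE = {("img", "src"), ("script", "src"), ("iframe", "src"),
               ("frame", "src"), ("embed", "src"), ("input", "src"),
               ("link", "href"), ("object", "data"), ("body", "background")}
# Navigation targets: not mixed content, but following them leaves SSL.
NAVIGATION = {("a", "href"), ("area", "href"), ("form", "action")}

class InsecureRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        for name, value in attrs:
            url = (value or "").strip()
            if not url.lower().startswith("http://"):
                continue  # https, relative and scheme-less URLs are fine
            if (tag, name) in SUBRESOURCE:
                self.findings.append((line, "mixed-content", tag, name, url))
            elif (tag, name) in NAVIGATION:
                self.findings.append((line, "leaves-ssl", tag, name, url))

def find_insecure_refs(markup):
    finder = InsecureRefFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings

# Constructed sample header fragment (not taken from a real RightNow site).
SAMPLE = """<head>
<link rel="stylesheet" href="https://support.example.com/css/site.css">
<script src="http://cdn.example.com/js/menu.js"></script>
</head>
<body>
<img src="http://images.example.com/logo.gif" alt="logo">
<img src="/images/banner.gif" alt="banner">
<a href="http://www.example.com/">Company home</a>
"""

if __name__ == "__main__":
    # Pass template paths (e.g. head.phph) as arguments; no arguments scans SAMPLE.
    sources = [(p, open(p, encoding="utf-8", errors="replace").read())
               for p in sys.argv[1:]] or [("SAMPLE", SAMPLE)]
    for name, text in sources:
        for line, kind, tag, attr, url in find_insecure_refs(text):
            print(f"{name}:{line}: {kind}: <{tag} {attr}> {url}")
```

Entries reported as mixed-content are the ones to change to https or a relative URL; leaves-ssl entries correspond to the second situation under Root Cause.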

Reference : http://crm.rightnow.com/app/answers/detail/a_id/2009
