I have purchased an SSL certificate and installed it on my Ubuntu apache2 server as directed by the issuer. I then added the following to /etc/apache2/sites-available/ssl-[mysite]:
<VirtualHost *:443>
ServerAdmin [me]@[mysite]
ServerName www.[mysite]
ServerAlias [mysite]
# Indexes + Directory Root.
# DirectoryIndex index.html index.htm index.php
DocumentRoot [mysite htdocs]
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/[mysite].crt
SSLCertificateKeyFile /etc/apache2/ssl/[mysite].key
SSLCertificateChainFile /etc/apache2/ssl/sf_bundle.crt
WSGIScriptAlias /[myapp] /[myapp location]
</VirtualHost>
The SSL certificate is working like a dream for my base URL, giving me the green lock symbol, but when I go to my app directory the lock symbol has a big red cross over it and I get this worrying message:
Your connection to [mysite] is encrypted with 256-bit encryption.
However, this page includes other resources which are not secure.
These resources can be viewed by others while in transit, and can be
modified by an attacker to change the behavior of the page.
This obviously will scare away practically anyone. Is this an issue with Django or with my apache config or what?
I have no idea where to start with this, so suggestions are welcomed.

This warning means that even though you are redirecting to an HTTPS link, you are sending parts of your page over plain HTTP.
You should make sure that everything is over HTTPS to avoid this warning and potential vulnerability.
I can’t give you any hints on how to fix this since you haven’t said much about your application and I don’t know the apache2 configuration, but hopefully you now have a starting point to see what to fix. Usually you will see this warning on sites that have advertisements or embedded images.