Tomcat 8.5 SSL config - Padlock not showing on Edge or Firefox. – Not sure why

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Tomcat 8.5 SSL config - Padlock not showing on Edge or Firefox. – Not sure why

pleo87508
Tomcat 8.5, Have just created new server key, generated a csr, imported the cert and supporting cers to a .jks Restarted Tomcat. Site comes up, but on both MS Edge and Firefox, I am not seeing a padlock. If I click on the view site info (where padlock would normally appear) I get the message "Your connection is not fully secure". Further examination under site info, shows that the certificate is valid. In addition SSL Labs gives my site and A+ rating because I have eliminated most weak CIPHERS, and limited SSLProtocol to TLS 1.2. Cannot figure out what Edge and Firefox are complaining about and looking for help/clues -Thanks
Reply | Threaded
Open this post in threaded view
|

Re: Tomcat 8.5 SSL config - Padlock not showing on Edge or Firefox. – Not sure why

pleo87508
As it turns out - face turning red - the issue had to do with mixed-mode page (i.e. some http forms on a https page).   I guess I had not kept up with what/how browsers were/are enforcing.
Once all links on page  were all https, the padlock appeared.
Under Edge dev tools, and I think similar in FireFox, there is a security tab with a little better description, and of course there is the browser console which warned about an http:  being loaded over https:, but I had never seen that be the cause of not getting a padlock.   Like I said, I have not kept up with how browser security warnings have evolved
Thanks.