Tomcat 8.5 SSL config - Padlock not showing on Edge or Firefox. – Not sure why
Tomcat 8.5, Have just created new server key, generated a csr, imported the cert and supporting cers to a .jks
Restarted Tomcat. Site comes up, but on both MS Edge and Firefox, I am not seeing a padlock.
If I click on the view site info (where padlock would normally appear) I get the message "Your connection is not fully secure".
Further examination under site info, shows that the certificate is valid. In addition SSL Labs gives my site and A+ rating because I have eliminated most weak CIPHERS, and limited SSLProtocol to TLS 1.2.
Cannot figure out what Edge and Firefox are complaining about and looking for help/clues
Re: Tomcat 8.5 SSL config - Padlock not showing on Edge or Firefox. – Not sure why
As it turns out - face turning red - the issue had to do with mixed-mode page (i.e. some http forms on a https page). I guess I had not kept up with what/how browsers were/are enforcing.
Once all links on page were all https, the padlock appeared.
Under Edge dev tools, and I think similar in FireFox, there is a security tab with a little better description, and of course there is the browser console which warned about an http: being loaded over https:, but I had never seen that be the cause of not getting a padlock. Like I said, I have not kept up with how browser security warnings have evolved