Why Does the Browser Still Consider the Website Insecure While the Website Has an SSL Certificate Deployed?

For example, the associated domain name is huaweicloud.com, but you are accessing https://yun.huaweicloud.com/. The certificate information is shown in Figure 1.

Figure 1 Certificate information

The purchased certificate is associated with huaweicloud.com and therefore it does not protect yun.huaweicloud.com. Either huaweicloud.com or yun.huaweicloud.com counts as a domain name. A single-domain certificate protects only the associated domain name.

Solution:

You are advised to request a certificate and associate it with the domain name you want to protect. For example, you can purchase a certificate and associate it with yun.huaweicloud.com. Then you can access https://yun.huaweicloud.com/.

If you have multiple domain names at the same level to be associated, for example, yun.huaweicloud.com, test.huaweicloud.com, and example.huaweicloud.com, which are all under *.huaweicloud.com, select Wildcard for the domain type when purchasing a certificate and associate the certificate with the wildcard domain name *.huaweicloud.com.

When insecure HTTP items are referenced to an HTTPS web page, such as images, JavaScript files, CSS files, audio files, video files, and flash files, HTTP images referenced in CSS files, and insecure items written in JavaScript scripts are blocked by the browser by default. If you forcibly load the web page, a message is displayed indicating insecurity.

Solution:

1. Open a web browser (Google Chrome 74 is used as an example) and access the web page to be checked.
2. Press F12 to access Developer Tools. In the upper right corner, you can see which insecure web links affect the website.
   Figure 2 Checking insecure links
   
3. Find the reported insecure link and make sure it is an HTTP link.
   Figure 3 Checking insecure items
   
   • If the web link is useless, delete it. Then check whether the insecure link is cleared successfully.
   • If the web link is important and cannot be deleted, change the HTTP path to an HTTPS path.
   

   If your website involves data like APIs, you are advised to contact the vendor that provides the invoked data. This is because APIs are important and cannot be modified randomly. If the vendor does not perform HTTPS authentication, you are advised not to perform authentication to prevent any errors in invoked data. For details, contact your vendor.

4. After the processing is complete, clear the browser cache and access the website again.

If your SSL certificate has expired, a message will be displayed indicating insecurity when you access the associated domain name.

Solution:

Purchase a new certificate. For details, see What Can I Do If My SSL Certificate Expired?

Solution: Clear the browser cache or use another browser.

Solution

• If you still need to use WAF, update the certificate in WAF. For details, see Updating a Certificate in WAF
• If WAF is no longer used, resolve the domain name to the origin server.