Help Center/ Cloud Certificate Manager/ FAQs/ SSL Certificate Download, Installation, and Use/ SSL Certificate Troubleshooting/ Why Does the Browser Still Consider the Website Insecure While the Website Has an SSL Certificate Deployed?
Updated on 2024-12-13 GMT+08:00

Why Does the Browser Still Consider the Website Insecure While the Website Has an SSL Certificate Deployed?

Problem Description

After HTTPS is configured, the access to the website is still blocked, and a message is displayed indicating that the website is insecure.

Possible Causes

  • Possible cause 1: The accessed domain name is not the same as the one associated with the purchased certificate.
  • Possible cause 2: Non-HTTPS items, including images, CSS files, and JavaScript files, are incorrectly referenced to the website.
  • Possible cause 3: The certificate has expired.
  • Possible cause 4: The browser cache is large.
  • Possible cause 5: The Website has been connected to Web Application Firewall (WAF), but the certificate used for the website in WAF was not updated.

Solution

Perform the following operations based on the possible cause:

  • Possible cause 1: The accessed domain name is not the same as the one associated with the purchased certificate.

    For example, the associated domain name is huaweicloud.com, but you are accessing https://yun.huaweicloud.com/. The certificate information is shown in Figure 1.

    Figure 1 Certificate information

    The purchased certificate is associated with huaweicloud.com and therefore it does not protect yun.huaweicloud.com. Either huaweicloud.com or yun.huaweicloud.com counts as a domain name. A single-domain certificate protects only the associated domain name.

    Solution:

    You are advised to request a certificate and associate it with the domain name you want to protect. For example, you can purchase a certificate and associate it with yun.huaweicloud.com. Then you can access https://yun.huaweicloud.com/.

    If you have multiple domain names at the same level to be associated, for example, yun.huaweicloud.com, test.huaweicloud.com, and example.huaweicloud.com, which are all under *.huaweicloud.com, select Wildcard for the domain type when purchasing a certificate and associate the certificate with the wildcard domain name *.huaweicloud.com.

  • Possible cause 2: Non-HTTPS items, including images, CSS files, and JavaScript files, are incorrectly referenced to the website.

    When insecure HTTP items are referenced to an HTTPS web page, such as images, JavaScript files, CSS files, audio files, video files, and flash files, HTTP images referenced in CSS files, and insecure items written in JavaScript scripts are blocked by the browser by default. If you forcibly load the web page, a message is displayed indicating insecurity.

    Solution:

    1. Open a web browser (Google Chrome 74 is used as an example) and access the web page to be checked.
    2. Press F12 to access Developer Tools. In the upper right corner, you can see which insecure web links affect the website.
      Figure 2 Checking insecure links
    3. Find the reported insecure link and make sure it is an HTTP link.
      Figure 3 Checking insecure items
      • If the web link is useless, delete it. Then check whether the insecure link is cleared successfully.
      • If the web link is important and cannot be deleted, change the HTTP path to an HTTPS path.

      If your website involves data like APIs, you are advised to contact the vendor that provides the invoked data. This is because APIs are important and cannot be modified randomly. If the vendor does not perform HTTPS authentication, you are advised not to perform authentication to prevent any errors in invoked data. For details, contact your vendor.

    4. After the processing is complete, clear the browser cache and access the website again.
  • Possible cause 3: The certificate has expired.

    If your SSL certificate has expired, a message will be displayed indicating insecurity when you access the associated domain name.

    Solution:

    Purchase a new certificate. For details, see What Can I Do If My SSL Certificate Expired?

  • Possible cause 4: The browser cache is large.

    Solution: Clear the browser cache or use another browser.

  • Possible cause 5: The Website has been connected to Web Application Firewall (WAF), but the certificate used to the website in WAF was not updated.

    Solution

    • If you still need to use WAF, update the certificate in WAF. For details, see Updating a Certificate in WAF
    • If WAF is no longer used, resolve the domain name to the origin server.