Only secure content is displayed

Question

Our company website (ASP.Net 3.5) uses SSL to secure the checkout pages. Users are getting the "Only secure content is displayed" message at the bottom of IE. Many of them freak out and abandon their cart and we loose a sale. The secure contect is in a subfolder and IIS7 is configured to require SSL on that subfolder. I used the IE dev toolbar to try to see what causes this and get the following:

SEC7111: HTTPS security is compromised by http://www.myCompany.com/WebResource.axd?d=dJde0NlmEkubWa-RO0uUtg2&t=633833944103732959 
Login.aspx
SEC7111: HTTPS security is compromised by http://www.myCompany.com/ScriptResource.axd?d=-4ipYW6oMR5JKr02ccZdGEkLMeXnvSWAqFrG98oQ5--7NMeKPsjwSVXJeHzqvzhsd1bLH85MgJQdnNYNUNH1gAXPGD9gbk2fwYnJI-0eaw41&t=ffffffffa6437166 
Login.aspx
SEC7111: HTTPS security is compromised by http://www.myCompany.com/ScriptResource.axd?d=-4ipYW6oMR5JKr02ccZdGEkLMeXnvSWAqFrG98oQ5--7NMeKPsjwSVXJeHzqvzhsvkt8QvjGkHw2IYbLkF5RHr1t21TH0EEkLDcUGVpdxdE1&t=ffffffffa6437166 
Login.aspx

We also had a bunch of offending javascript files but worked around those by copying them into the secure directory. That made Chrome and Firefox happy but we still get the message with IE.

How can I stop the popup and keep from scaring my customers away?

Answer 1

Just change those urls to https.

Now, those script resources look like they're automatically generated by .NET, so you may have to jump through some hoops to do that...

[Edit] Hoisting this up from my comment:

Some guy suggests changing the uri in global.asax on Application_BeginRequest

Answer 2

Headache saver... thank you for mentioning IE developer tools. Like many I do most of my testing with firefox and leave IE to last (can't beat firebug!). BUT The way that they've improved IE I think I may be rethinking that strategy! After all most of the world still used IE too.

The developer tools found this line in my css that was giving me the security violations ... simply fixed by changing to https

@import url(http://fonts.googleapis.com/css?family=Gudea);

to

SEC7111: HTTPS security is compromised by http://fonts.googleapis.com/css?family=Gudea onepage
SEC7111: HTTPS security is compromised by http://fonts.googleapis.com/css?family=Gudea onepage

Answer 3

We ended up using SecuritySwitch http://code.google.com/p/securityswitch/wiki/GettingStarted, which works perfectly.

Answer 4

Method1 : change all the Http link to https. Add proper html tags, openings and closing tags according to html5 standard.

if this is not solving the problem move to step 2 which helped me to solve the issue in SharePoint website.

Method 2: I entered the build-in “Developer Console” feature of Internet Explorer 9 by hitting F12 I refreshed the SharePoint page by hitting F5 On the developer console these lines appeared:

Excellent – here I had the “root of the problem”

I hope this post helps others with the same problem