Solved

Internet explorer refuses secure links HTTPS

Posted on 2014-03-11
11
819 Views
Last Modified: 2014-03-12
Hi dear Experts,

We have a website to uses SSL for some links, but as soon as you click them in any version of internet explorer, IE throws an error 'Page not found'

Obviously, this is pure pain. Can anyone know how to solve this problem server side ?

WE are scripted in Coldfusion 9

MAny thanks !
Adam
0
Comment
Question by:adam1h
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
11 Comments
 
LVL 5

Expert Comment

by:Martin Tarlink
ID: 39920553
Could you provide more information?

Do you host that site?
If yes, on what web server  Apache, IIS, Cherokee....?

SSL setup is done on web server side and in most cases it is related to the server configuration .
You can open server log and if you host it on linux #tail -f your_log_file
and next open IE and open your page, you will see what is going on.
0
 

Author Comment

by:adam1h
ID: 39920570
Hi Tarlink,

Thanks for your reply. We are on a shared server, I reckon IIS, SSL certificate is installed under a Plesk console, and I don't know much more than that.
`
Sorry this wasn't much help

Adam
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39920577
Are you able to open this website in other browsers ?

If No - You need check the application link is working or not.


If you are able to acess in other browsers,

1. Check the IE add-ons and disable add-ons.

2 .If you are accessing via proxy, By pass proxy settings,

3. Check the compatible view settings in IE.

4. Add website to Trusted site list.

5. Disable / Enable popup blocker

6. Check the Java version.

7. Check the supporing plugins.

8. Try to reset Internet explorer settings and check.

_ Manjunath Sullad
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 

Author Comment

by:adam1h
ID: 39920610
Hi Manjunath,
Thanks for your reply. Yes we can see it from any browser, and same in IE, we can see it.

But when we hit a page under HTTPS, then IE doesn't want to display it. We are looking for a solution that forces IE to act and read HTTPS without any human intervention.

A coldfusion script that could apply to IE 6, 7 , 8 and avoid this hassle

Thanks !
Adam
0
 
LVL 5

Expert Comment

by:Martin Tarlink
ID: 39920651
There is always problem with IE and developing :)
It could be also some error in the code.
The best way will be to look in to logs
I am not familiar with Plesk but I found this page so maybe yo will be able to dig in to and see what logs will tell you http://serverfault.com/questions/472008/plesk-9-5-access-logs-on-winows-server

Install http://getfirebug.com/firebuglite for IE and try also look for any errors
0
 

Author Comment

by:adam1h
ID: 39920729
Hey Tarlink,

yes indeed, IE is a pure pile of headache :)

Our website does work in all browsers, but it is only not working when we use HTTPS , here is a link, it says 'Page cannot be displayed'

https://www.joe-cool.co.uk/index.cfm

The code is fine. If a workaround this can be done via application.cfc then I'll take it.

THANKS !
Adam
0
 
LVL 4

Expert Comment

by:Rodrigo Munera
ID: 39920850
Just loaded the site and it seems to work fine on IE 11

I also noticed that you're forcing SSL on the clients (attempted to load the page with http and was redirected to https).

Make sure you're not creating an infinite loop with your redirect rules, more often than not, these will manifest themselves as "page not found" messages, though, sometimes the browser will actually tell you "Too many redirects".

if you're using a version of cgi.https to force your SSL, build in some infinite loop breaks, like a counter in the session scope or in a cookie. The error you're seeing could be the client refusing multiple redirect instructions to the same page.
0
 

Author Comment

by:adam1h
ID: 39920896
Hi Rodrigo,

That's an interresting one. We do force HTTPS using our application.cfc

Here is a copy of what we use :

<!--- httpsCheck --->
	<cffunction  name="httpsCheck" access="public" returntype="void"	 output="yes" description="check if it's https protocol and redirect if required">
		
		<!--- force user to use https secure server path --->
		<cfif cgi.server_port NEQ "xxx">
			<cfset urlNow = "https://" & "#CGI.SERVER_NAME#" & "#CGI.Script_Name#" &  "?" & "#CGI.Query_String#">
			<cfoutput><meta http-equiv="Refresh" content="0; url=#urlNow#" /></cfoutput>
		</cfif>
    </cffunction>

Open in new window


Do you think we should operate another way ? We thought that forcing HTTPS was more secure...

Adam
0
 
LVL 4

Accepted Solution

by:
Rodrigo Munera earned 500 total points
ID: 39920937
You can use
<cfif cgi.https NEQ "on">

Open in new window

Instead of
<cfif cgi.server_port NEQ "xxx">

Open in new window

But they both probably work using the same principle in the back-end.

I would do something like
		<cfif cgi.https EQ "on"><!--- switched the logic to avoid confusing double-negatives ---->
			<cfset session.httpCheckCount = 0><!--- here we reset the count because SSL is on --->
		<cfelse>
			<cfset urlNow = "https://" & "#CGI.SERVER_NAME#" & "#CGI.Script_Name#" &  "?" & "#CGI.Query_String#">
			<cfif session.httpCheckCount LTE 1><!--- here we ensure we're not making too many redirects --->
				<cfset session.httpCheckCount = session.httpCheckCount+1><!--- here we increase the counter for the redirects --->
				<cfoutput><meta http-equiv="Refresh" content="0; url=#urlNow#" /></cfoutput>
			</cfif>
		</cfif>

Open in new window


Also, if you're using the session variable, make sure you initialize it in the "onSessionStart" method of your application.cfc

<cfset session.httpCheckCount = 0>

Open in new window

0
 

Author Comment

by:adam1h
ID: 39920961
Rodrigo,

Thanks for your help. This is good and will try it now.

the XXX was used to replace a port number I didn't wanted to list in here :-)

SPeak soon, and MANY THANKS !
Adam
0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently while working on a project I got a very annoying cfdocument has no body error message. I had never seen this error before. So I checked the code. The code was pretty simple; it was Just showing me the cfdocumnt tag and inside that tag a …
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question