How to determine a site is SSL besides the 'lock' and 'https'

We just finish purchasing a SSL for a site.  Yet when we log to the site without "Https", it displays the regular "Http:".  However, when typing "Https://domain.name", it display the "S" and the Lock, otherwise it doesn't.  

Is the site secure? Does it have SSL? How can we determine that the SSSLl is in effect even without seeing the Lock or "Https"?

Please advice.
rayluvsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Gary DewrellSenior Network AdministratorCommented:
You either need to put in a url redirect to redirect http://  to https:// or unbind port 80 for that site in your webserver for that site which will stop http://... from showing up at all.
0
btanExec ConsultantCommented:
Best is through network sniffing and look out for SSL packets e.g. use wireshark, so If you're intercepting the traffic, then port 443 is the filter you need. This is one of the common SSL port. If you have the site's private key, you can also decrypt that SSL . (needs an SSL-enabled version/build of Wireshark.) See http://wiki.wireshark.org/SSL

Otherwise you can try ssl lab test (online) or do a ssl connection using tool such as nmap, nessus or ssl_test
https://www.ssllabs.com/ssltest/
https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001)
0
mccarlIT Business Systems Analyst / Software DeveloperCommented:
Answering your questions more directly...

Is the site secure?
No. You can access it via http:// and any traffic when used like this is NOT encrypted.

Does it have SSL?
It does, but the website is not enforcing the use. Depending on the URL entered you can access both the SSL version and the non-SSL version.

How can we determine that the SSSLl is in effect even without seeing the Lock or "Https"?
If you don't see the lock and/or https:// then SSL is NOT in effect.


Now, as for how to resolve this issue, see gdewrell's comment above.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Make Network Traffic Fast and Furious with SD-WAN

Software-defined WAN (SD-WAN) is a technology that determines the most effective way to route traffic to and from datacenter sites. Register for the webinar today to learn how your business can benefit from SD-WAN!

btanExec ConsultantCommented:
For a complete check that SSL is setup correctly amd securely, you can check out the online tools by just entering your HTTPS  Url using ssl lab test or below. https://www.whynopadlock.com
0
rayluvsAuthor Commented:
Thanx mccarl for answering every part of our question.  As a matter of fact it helped us identify the problem.

FYI:
Digging more into the matter, we found that the problem was we needed to create a .htaccess file in order for redirecting HTTP to HTTPS automatically when being addressed by users.

Fixed!

Also awarded the other EE because of great links to determine if SSL

Thanx All!
0
mccarlIT Business Systems Analyst / Software DeveloperCommented:
You're welcome!!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.