Solved

How to determine a site is SSL besides the 'lock' and 'https'

Posted on 2016-09-12
6
112 Views
Last Modified: 2016-09-13
We just finish purchasing a SSL for a site.  Yet when we log to the site without "Https", it displays the regular "Http:".  However, when typing "Https://domain.name", it display the "S" and the Lock, otherwise it doesn't.  

Is the site secure? Does it have SSL? How can we determine that the SSSLl is in effect even without seeing the Lock or "Https"?

Please advice.
0
Comment
Question by:rayluvs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 12

Assisted Solution

by:Gary Dewrell
Gary Dewrell earned 100 total points
ID: 41794582
You either need to put in a url redirect to redirect http://  to https:// or unbind port 80 for that site in your webserver for that site which will stop http://... from showing up at all.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 100 total points
ID: 41795247
Best is through network sniffing and look out for SSL packets e.g. use wireshark, so If you're intercepting the traffic, then port 443 is the filter you need. This is one of the common SSL port. If you have the site's private key, you can also decrypt that SSL . (needs an SSL-enabled version/build of Wireshark.) See http://wiki.wireshark.org/SSL

Otherwise you can try ssl lab test (online) or do a ssl connection using tool such as nmap, nessus or ssl_test
https://www.ssllabs.com/ssltest/
https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001)
0
 
LVL 36

Accepted Solution

by:
mccarl earned 300 total points
ID: 41795253
Answering your questions more directly...

Is the site secure?
No. You can access it via http:// and any traffic when used like this is NOT encrypted.

Does it have SSL?
It does, but the website is not enforcing the use. Depending on the URL entered you can access both the SSL version and the non-SSL version.

How can we determine that the SSSLl is in effect even without seeing the Lock or "Https"?
If you don't see the lock and/or https:// then SSL is NOT in effect.


Now, as for how to resolve this issue, see gdewrell's comment above.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 64

Expert Comment

by:btan
ID: 41795274
For a complete check that SSL is setup correctly amd securely, you can check out the online tools by just entering your HTTPS  Url using ssl lab test or below. https://www.whynopadlock.com
0
 

Author Closing Comment

by:rayluvs
ID: 41795605
Thanx mccarl for answering every part of our question.  As a matter of fact it helped us identify the problem.

FYI:
Digging more into the matter, we found that the problem was we needed to create a .htaccess file in order for redirecting HTTP to HTTPS automatically when being addressed by users.

Fixed!

Also awarded the other EE because of great links to determine if SSL

Thanx All!
0
 
LVL 36

Expert Comment

by:mccarl
ID: 41795758
You're welcome!!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction and Prerequisites This article describes methods for detecting whether a client browser accepts and returns HTTP cookies and whether the client browser runs JavaScript.  Most client browsers will, by default, be configured to use cooki…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question