Solved

How to determine a site is SSL besides the 'lock' and 'https'

Posted on 2016-09-12
6
69 Views
Last Modified: 2016-09-13
We just finish purchasing a SSL for a site.  Yet when we log to the site without "Https", it displays the regular "Http:".  However, when typing "Https://domain.name", it display the "S" and the Lock, otherwise it doesn't.  

Is the site secure? Does it have SSL? How can we determine that the SSSLl is in effect even without seeing the Lock or "Https"?

Please advice.
0
Comment
Question by:rayluvs
6 Comments
 
LVL 12

Assisted Solution

by:Gary Dewrell
Gary Dewrell earned 100 total points
ID: 41794582
You either need to put in a url redirect to redirect http://  to https:// or unbind port 80 for that site in your webserver for that site which will stop http://... from showing up at all.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 100 total points
ID: 41795247
Best is through network sniffing and look out for SSL packets e.g. use wireshark, so If you're intercepting the traffic, then port 443 is the filter you need. This is one of the common SSL port. If you have the site's private key, you can also decrypt that SSL . (needs an SSL-enabled version/build of Wireshark.) See http://wiki.wireshark.org/SSL

Otherwise you can try ssl lab test (online) or do a ssl connection using tool such as nmap, nessus or ssl_test
https://www.ssllabs.com/ssltest/
https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001)
0
 
LVL 35

Accepted Solution

by:
mccarl earned 300 total points
ID: 41795253
Answering your questions more directly...

Is the site secure?
No. You can access it via http:// and any traffic when used like this is NOT encrypted.

Does it have SSL?
It does, but the website is not enforcing the use. Depending on the URL entered you can access both the SSL version and the non-SSL version.

How can we determine that the SSSLl is in effect even without seeing the Lock or "Https"?
If you don't see the lock and/or https:// then SSL is NOT in effect.


Now, as for how to resolve this issue, see gdewrell's comment above.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 62

Expert Comment

by:btan
ID: 41795274
For a complete check that SSL is setup correctly amd securely, you can check out the online tools by just entering your HTTPS  Url using ssl lab test or below. https://www.whynopadlock.com
0
 

Author Closing Comment

by:rayluvs
ID: 41795605
Thanx mccarl for answering every part of our question.  As a matter of fact it helped us identify the problem.

FYI:
Digging more into the matter, we found that the problem was we needed to create a .htaccess file in order for redirecting HTTP to HTTPS automatically when being addressed by users.

Fixed!

Also awarded the other EE because of great links to determine if SSL

Thanx All!
0
 
LVL 35

Expert Comment

by:mccarl
ID: 41795758
You're welcome!!
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction and Prerequisites This article describes methods for detecting whether a client browser accepts and returns HTTP cookies and whether the client browser runs JavaScript.  Most client browsers will, by default, be configured to use cooki…
A few customers have recently asked my thoughts on Password Managers.  As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords.  But as I was getting asked about them mo…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now