Solved

How to determine a site is SSL besides the 'lock' and 'https'

Posted on 2016-09-12
6
76 Views
Last Modified: 2016-09-13
We just finish purchasing a SSL for a site.  Yet when we log to the site without "Https", it displays the regular "Http:".  However, when typing "Https://domain.name", it display the "S" and the Lock, otherwise it doesn't.  

Is the site secure? Does it have SSL? How can we determine that the SSSLl is in effect even without seeing the Lock or "Https"?

Please advice.
0
Comment
Question by:rayluvs
6 Comments
 
LVL 12

Assisted Solution

by:Gary Dewrell
Gary Dewrell earned 100 total points
ID: 41794582
You either need to put in a url redirect to redirect http://  to https:// or unbind port 80 for that site in your webserver for that site which will stop http://... from showing up at all.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 100 total points
ID: 41795247
Best is through network sniffing and look out for SSL packets e.g. use wireshark, so If you're intercepting the traffic, then port 443 is the filter you need. This is one of the common SSL port. If you have the site's private key, you can also decrypt that SSL . (needs an SSL-enabled version/build of Wireshark.) See http://wiki.wireshark.org/SSL

Otherwise you can try ssl lab test (online) or do a ssl connection using tool such as nmap, nessus or ssl_test
https://www.ssllabs.com/ssltest/
https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001)
0
 
LVL 35

Accepted Solution

by:
mccarl earned 300 total points
ID: 41795253
Answering your questions more directly...

Is the site secure?
No. You can access it via http:// and any traffic when used like this is NOT encrypted.

Does it have SSL?
It does, but the website is not enforcing the use. Depending on the URL entered you can access both the SSL version and the non-SSL version.

How can we determine that the SSSLl is in effect even without seeing the Lock or "Https"?
If you don't see the lock and/or https:// then SSL is NOT in effect.


Now, as for how to resolve this issue, see gdewrell's comment above.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 62

Expert Comment

by:btan
ID: 41795274
For a complete check that SSL is setup correctly amd securely, you can check out the online tools by just entering your HTTPS  Url using ssl lab test or below. https://www.whynopadlock.com
0
 

Author Closing Comment

by:rayluvs
ID: 41795605
Thanx mccarl for answering every part of our question.  As a matter of fact it helped us identify the problem.

FYI:
Digging more into the matter, we found that the problem was we needed to create a .htaccess file in order for redirecting HTTP to HTTPS automatically when being addressed by users.

Fixed!

Also awarded the other EE because of great links to determine if SSL

Thanx All!
0
 
LVL 35

Expert Comment

by:mccarl
ID: 41795758
You're welcome!!
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A Change in PHP Behavior with Session Write Short Circuit (http://php.net/manual/en/book.session.php#116217) (Winter 2014)** With the release of PHP 5.6 the session handler changed in a way that many think should be considered a bug.  See the note …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question