How to determine a site is SSL besides the 'lock' and 'https'

jana
jana used Ask the Experts™
on
We just finish purchasing a SSL for a site.  Yet when we log to the site without "Https", it displays the regular "Http:".  However, when typing "Https://domain.name", it display the "S" and the Lock, otherwise it doesn't.  

Is the site secure? Does it have SSL? How can we determine that the SSSLl is in effect even without seeing the Lock or "Https"?

Please advice.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Gary DewrellSenior Network Administrator
Commented:
You either need to put in a url redirect to redirect http://  to https:// or unbind port 80 for that site in your webserver for that site which will stop http://... from showing up at all.
btanExec Consultant
Distinguished Expert 2018
Commented:
Best is through network sniffing and look out for SSL packets e.g. use wireshark, so If you're intercepting the traffic, then port 443 is the filter you need. This is one of the common SSL port. If you have the site's private key, you can also decrypt that SSL . (needs an SSL-enabled version/build of Wireshark.) See http://wiki.wireshark.org/SSL

Otherwise you can try ssl lab test (online) or do a ssl connection using tool such as nmap, nessus or ssl_test
https://www.ssllabs.com/ssltest/
https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001)
IT Business Systems Analyst / Software Developer
Top Expert 2015
Commented:
Answering your questions more directly...

Is the site secure?
No. You can access it via http:// and any traffic when used like this is NOT encrypted.

Does it have SSL?
It does, but the website is not enforcing the use. Depending on the URL entered you can access both the SSL version and the non-SSL version.

How can we determine that the SSSLl is in effect even without seeing the Lock or "Https"?
If you don't see the lock and/or https:// then SSL is NOT in effect.


Now, as for how to resolve this issue, see gdewrell's comment above.
JavaScript Best Practices

Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.

btanExec Consultant
Distinguished Expert 2018

Commented:
For a complete check that SSL is setup correctly amd securely, you can check out the online tools by just entering your HTTPS  Url using ssl lab test or below. https://www.whynopadlock.com

Author

Commented:
Thanx mccarl for answering every part of our question.  As a matter of fact it helped us identify the problem.

FYI:
Digging more into the matter, we found that the problem was we needed to create a .htaccess file in order for redirecting HTTP to HTTPS automatically when being addressed by users.

Fixed!

Also awarded the other EE because of great links to determine if SSL

Thanx All!
mccarlIT Business Systems Analyst / Software Developer
Top Expert 2015

Commented:
You're welcome!!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial