On the administration consoles, why do some users get the SSL security information pop-up message with each page turn?
Users may see a security message like the one below when working with a site that uses a secure socket layer (SSL):
This site contains both secure and nonsecure items. Do you wish to display the non secure items?
This message is informing you that the site you are navigating to is a secure site. However, it will download content from a non secure site.
A secure site uses a security protocol such as SSL (Secure Sockets Layer) or PCT (Private Communications Technology) to secure the information you send and receive. Information such as your name or credit-card number, is encrypted so that it can't be read by other people. The non secure items are not encrypted. Non secure items may simply be information items or they may be information gathering items. Given what you know about this website and your computer, you must decide whether to continue working with this site.
If you do not feel confident about working with this site, click No.
Another possible reason for seeing this message is when you use your own custom domain name, but have not provided Oracle B2C Service Support with your own digital certificate. This results in your site using the *.custhelp.com certificate when it should use its own.
This message will typically display in the following situations:
- A site utilizes SSL, but some items referenced on the site, such as images hosted on other servers, are not SSL protected. In this case, the message is indicating that not all callouts are SSL protected.
- The user moves from a site that uses Secure Socket Layer (SSL) to one that does not. If SSL is used, the URL begins with https instead of http. The additional "s" in the URL indicates the SSL. Therefore, the message lets the user know that they are leaving an SSL-protected site.
Users may not get the security message if they have previously clicked an option that states "Don't warn me again..." or "Always trust..." In addition, users can configure their browsers to not display these alerts. For example, in the case of mixed content messages, users can turn off the pop-up message through the path: Internet Explorer > Tools > Internet Options > Security > Custom Level > Miscellaneous > Display Mixed Content and disable the setting.
As a result, if the user sees the “Don't warn me again”-type of option, checking this box is the easiest way to avoid multiple warning messages. If your secure site includes a redirect, you may want to verify that the redirect goes to an SSL-protected site that has a URL beginning with https.
Another method to resolve the mixed content messages is to enable the SEC_END_USER_HTTPS controls. This will force all content to be delivered via HTTPS.