Once your SSL certificate is installed, you need to make sure that all of the pages that will be displayed behind the SSL (using https:// protocol), are secure and no insecure content is being requested throughout your pages. Without taking the necessary actions as outlined below, most of the web browser will still show your website as being insecure, despite having an actual SSL in place.
For a secure, HTTPS connection to be established, every item on the page must be served from a secure source. This means all embedded images, videos, flash movies, iframes and Java scripts must be served from a secure location. If any items are not, then website visitors will see an error message similar to this:
This is the most common issue of all SSL errors, but is also one of the easiest to fix.
- Don't call any insecure content using http:// references in your pages. Change all references and links from HTTP to HTTPS.
For example, <img src="https://images.mydomain.com/image.png" alt="" >
- Use relative links on your website instead of absolute links.
For example, instead of src=“http://mydomain.com/my-script.js“, use scr=“/my-script.js“.
Then, if your main page is accessed over HTTPS, the browser will also load /my-script.js over HTTPS. This technique is also very useful if your page references external content that is explicitly server over HTTP (YouTube or Google Analytics, for example).
- Use SSL (https:// protocol) pages across your entire site. This will ensure much better security for your visitors and, because Google is awarding higher search ranking to secure pages, it may also improve your SEO efforts. Please note that doing so may mean you effectively have two copies of your content, so you will need to tell the search engine which version is authoritative. To do this:
- Tell the search engine that the HTTPS version is authoritative by (1) Updating link to point to the HTTPS version (2) Updating the XML sitemap to refer to the HTTPS version of your content. Making these changes means the search engine will index the SSL version of your site and present this version in the search engine results.
- Make sure robots.txt is available over HTTPS.
- Redirect all HTTP requests to the HTTPS version with a permanent 301 redirect. This means your search engine page rank will be transferred to the HTTPS version.
- Update Google webmaster tools to reference the HTTPS version of your site instead of HTTP.
If you are using WordPress you can use the following plugin to help you deal with mixed content errors
You can check your application vendor for any modules/tools which can help you easily fix insecure content.