Home » discuss » Public forums » iMIS Community

Enabling SSL on imis website and avoiding security warnings for non https:// content

Posted June 20th, 2012 by Scott Rowan
|

Hi,

We want to make our iMIS website solely accessible via SSL with a SSL Certificate.

However, when I visit the page, we are getting the following "Security Warning" from Internet Explorer:  Do you want to view only the webpage content that was delivered securely? 

I've looked to see what is being delivered using http rather than https and appears to be:-

* http://maps.googleapis.com

* http://maps.gstatic.com

What have others users done? Is it possible to change these references to use https:// rather than http://??

(This issue has been with ASI Tech Support for a month with no positive result so I'd appreciate any advice)

Thanks,

Scott

 

‹ iMIS15 on Citrix XenDesktopmass update of user logins ›
login or register to post comments | printer friendly version

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Hi Scott, I've had a quick

On June 20th, 2012 Phil Belenkin says:

Hi Scott,

I've had a quick look at your SMR,

  1. Is this happening on all pages in iMIS or just the pages using the QueryMenu iPart.
  2. Do you have a demo/test site setup we could take a look at (if you do please pass the details onto support rahter than putting them here)

Thanks

Phil

login or register to post comments

Thanks for response

On June 20th, 2012 Scott Rowan says:

Hi Phil,

Thanks for response - it looks like it may only be happening on pages that are querying data from iMIS (which is most of our pages)

I created a new static pages with only HTML content and it is not showing the issue.

We don't have a public test site, but happy to co-ordinate a remote session.

Thanks,

Scott

login or register to post comments

Does this involve any links to javascript or jquery libaries

On June 23rd, 2012 VinceM says:

Just wondering if this involves any links to javascript or jquery libary with in your master page(s), etc.

 

login or register to post comments

I suspect it does

On June 24th, 2012 Scott Rowan says:

Hi Vince,

I suspect it does, however this is using out of the box iMIS functionality.

I'm not sure why the querymenu iparts are trying to use google api's and how to turn this off.

I suspect other imis sites using SSL would encounter the same issue.

Regards,

Scott

login or register to post comments

references to the URLS

On June 24th, 2012 VinceM says:

Hi Scott,

Where are your references to

* http://maps.googleapis.com

* http://maps.gstatic.com

Are these in script tags anywhere?

I resolved a similar problem (if this is really indeed similar) before by removing the protocol

so the tag was  <script src="//www.google.com/someresource.js"></script>  Then, the script works with http or https depending on the current page.

Does this message only occur in IE?

Did you use a program like fiddler to see how they load? 

login or register to post comments

Hi Scott, Sorry for the slow

On June 25th, 2012 Phil Belenkin says:

Hi Scott,

Sorry for the slow reply, I'm based in the UK and I wasnt in the office on Friday.

I'm afraid this looks to be a bug with the Query Menu iPart. This iPart allows you to map the results of a query using the Google maps API. It looks to be loading the API when it doesnt need to and using http when the site is using https.   I've been trying to figure out a work around but without much success so far, I think we'll have to go via support and raise it as a bug.

Phil

login or register to post comments

Thanks Phil

On June 25th, 2012 Scott Rowan says:

Thanks Phil - is it possible to use a workaround like Vince suggested?

Or is it possible to turn off the mapping functionality completely on a short term basis by removing reference to the google api? from the querymenu ascx file?

Thanks,

Scott

login or register to post comments

Yes we can :) I've just

On June 25th, 2012 Phil Belenkin says:

Yes we can :) I've just checked as I thought the API was being injected using server code, but it isn't.

You need to find: QueryMenuDisplay.ascx

It should be located: under your net folder, something like: C:\Program Files\ASI\iMIS15\Net\iparts\Common\QueryMenu

Near the top of the file is the line  importing the Google API, if you add a "s" in as per the snippet below, that should remove the message for you when running imis over https.

<script type="text/javascript" src="https://maps.googleapis.com/maps/api/js?sensor=false">
</script>

 

login or register to post comments