Solved Websites reporting not Secure but it is
-
Many websites when first going to their site, I get the error message The connection is not secure. I know that it is, so I click continue to site, and it shows the lock in the bar. Here is one.
https://www.4logowearables.com/cgi-bin/hw/hwb/chw-pseudoHome.w?hwCN=153155149154150&hwCNCD=cjdEldNkkUilkElj&hwST=1
This is just a big annoyance. -
Actually, it looks like it is the site that is causing this. Even when going direct to HTTPS, it redirects to HTTP, then back to HTTPS.
The reason is this, in the HTML of the secure front page:
<meta http-equiv="refresh" content="0; url=http://www.4logowearables.com/cgi-bin/hw/hwb/chw-pseudoHome.w?hwCVD=alpgenericWebsite" />Developer and Security Expert at Vivaldi.
-
@rltidd57
Hi, I donยดt get this message using your link on Vivaldi 5.6.2867.62.
Please add your Vivaldi and OS version.
Test this in a private window or the guest view.https://help.vivaldi.com/article/guest-view/
Cheers, mib
-
I am afraid you are not providing enough information (more details is needed about the text of the certificate errors). Once you pass such dialogs the site is always ranked as unsecure.
Common issues:
If you get a warning about "unknown certificate issuer" or similar, then your system certificate repository is probably out of date. This is especially a possibility if when using an End-Of-Life version of Windows. (Windows 7, for example, is missing the Root certificate used by Vivaldi.net, unless manually updated).
Wrong system time might also be possibility, but in this case that would mean 6-8 months wrong in either direction.
-
@mib2berlin 5.6.2867.62 (Stable channel) (64-bit)
Windows 10 -
@yngve This is all I get. Clicking on continue to site, allows me on the site and shows the lock.
It is not only on this site. I get this quite often on other sites.
-
@mib2berlin It worked correctly in a private window. Not sure what that means.
-
@rltidd57 Probably an extension or an obsolete cookie. Did you try to disable them to see if it works?
-
-
@mib2berlin removing cookes and emptying cache did not help. I guess I will run thru my extensions. Thanks
-
Turned off all my extensions, restarted vivaldi, same result.
-
@rltidd57
Hm, sometimes disable an extension in not enough, you have to remove it.
Or your profile is broken, if it bother you to much you can reset it.
If you use sync it is not much work but manually it need some work:Cheers, mib
EDIT: You can create a new profile for testing but I guess it will show the same as a private window.
https://help.vivaldi.com/desktop/tools/user-profiles/ -
I get the same behavior at my smartphone, which has an adblocker VPN installed (Blokada). probably you have a similar extension at your everyday profile
-
It's some kind of site misconfiguration (HSTS?) caused by the "Always use secure connection" setting.
I get the exact same in Chrome, Chromium, Opera, Brave if the setting is enabled. Firefox and Edge seems to handle it for some reason. Probably @yngve would have some idea. But one just cannot expect browsers to handle badly configured web sites.
-
@rltidd57 You are accessing the HTTP URL directly, not the HTTPS URL (I recommend checking your bookmarks and typed URL), and you have probably enabled the "Always use Secure Connection (HTTPS)" in the Address bar preferences. That error will always be displayed if you go directly to the HTTP URL.
-
@yngve But shouldn't the browser if "Always use secure" is enabled detect the site is running HTTPS and connect to it without the warning? The site has a valid cert and testing with curl throws up nothing special, it just does a redirect to HTTPS:
$ curl -IX GET http://www.4logowearables.com/ HTTP/1.1 301 Moved Permanently Date: Sat, 04 Feb 2023 23:31:54 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=3600 Expires: Sun, 05 Feb 2023 00:31:54 GMT Location: https://www.4logowearables.com/ Server: cloudflare CF-RAY: 794733db6fc2b4fa-OSL $ curl -IX GET https://www.4logowearables.com/ HTTP/2 200 date: Sat, 04 Feb 2023 23:32:02 GMT content-type: text/html last-modified: Thu, 19 May 2016 03:51:50 GMT accept-ranges: bytes cf-cache-status: DYNAMIC server: cloudflare cf-ray: 7947340d4d4eb523-OSLIt would just be interesting to know what goes on here, and why Edge/Firefox works differently. "Always use secure" is still an experiment in Edge (has to enable the flag for testing), and in Firefox it's called "HTTPS-Only Mode" and both seems to handle it.
I suspect some weird TLS/SSL handshake server misconfig.
-
Actually, it looks like it is the site that is causing this. Even when going direct to HTTPS, it redirects to HTTP, then back to HTTPS.
The reason is this, in the HTML of the secure front page:
<meta http-equiv="refresh" content="0; url=http://www.4logowearables.com/cgi-bin/hw/hwb/chw-pseudoHome.w?hwCVD=alpgenericWebsite" />Developer and Security Expert at Vivaldi.
-
-
@yngve I put the s in http in the saved bookmark and it loads fine now. Thanks so very much. Any other sites that this happens with me, I will check the bookmark.
Have a GREAT day! -
@rltidd57 I get the same error message. I think its something in Vivaldi developer panel.
-
Ppafflick marked this topic as a question on -
Ppafflick has marked this topic as solved on
-
Ppafflick moved this topic from Vivaldi for Windows on
-
@yngve said in Websites reporting not Secure but it is:
Actually, it looks like it is the site that is causing this. Even when going direct to HTTPS, it redirects to HTTP, then back to HTTPS
OK, you are saying that the Google Maps website is designed wrong and it is Vivaldi that is white and innocent and designed correctly? Ridiculous.
Google Maps is happily used by millions of users worldwide on all browsers and only Vivaldi causes that problem, and you are trying to say opposite, giving some ungrounded fluff about <meta> tag.OS version: Win 11 23H2 build 22631.4169
Vivaldi version: 6.9.3447.48 (Stable channel) (64-bit)
