As the safer HTTPS protocol is becoming more common than the older and less secure HTTP protocol, many pages move towards using HTTPS. In fact, any site with personal information and input like signup applications, questionnaires, and profile pages should use the HTTPS protocol.
Using HTTPS in Agillic with a custom domain requires the domain to be set up as a verified subdomain. You can read more about adding a verified domain here.
Agillic uses an SSL Certificate to encrypt the communication for HTTPS pages to make it more secure.
In this article, you'll find information about:
- Why a Page Might Fail to Use HTTPS Correctly
- How to Check if a Page is Using HTTPS Correctly
- How to Investigate Pages Which Aren't Loading HTTPS Correctly
Why a Page Might Fail to Use HTTPS Correctly
Even if a sub-domain is set up to use HTTPS correctly, you may still experience problems. This is often caused by some elements of the page still loading with HTTP which compromises the whole page.
How to Check if a Page is Using HTTPS Correctly
Most browsers display an icon to the left of the URL when loading an HTTPS page. It indicates whether the domain is using the protocol correctly.
The most common logic across browsers is:
- Green padlock icon - the webpage has an SSL certificate and is using HTTPS correctly.
- Grey Padlock with yellow warning icon - webpage may have a valid SSL certificate, but has issues loading HTTPS correctly.
- Webpage refuses to load - webpage doesn't have an SSL certificate at all but attempts to load via HTTPS.
How to Investigate Pages Which Aren't Loading HTTPS Correctly
- Open the webpage you wish to investigate using Google Chrome as your browser.
- Press F12 to open the Developer Tools.
- Select the 'Security' tab.
- Verify if 'Resources' show 'Mixed content'.
- Refresh the page again to see which elements are using HTTP.
- Click the 'View x Requests in Network Panel' link.
Any HTTP elements will show up.
If you discover that you have HTTP elements in your portal page, you might not have a verified domain registered in Agillic. In order to make sure that you only have HTTPS content on your domain, you'll need to set up a verified domain on your Agillic solution.