Geek Answers Handbook

IE: HTTPS security compromised by res: //ieframe.dll/sslnavcancel.htm

I am working on an e-commerce application that has many areas of HTTPS only. This particular error occurs only in IE (at least 10, others have not tried it), and this only happens on one HTTPS page in the entire application.

From the study, I understand this is a warning about mixed IE content. This is very confusing because IE is the only browser that has any problems with this page. All other relevant browsers do not complain about any mixed content.

Can anyone shed some light on what sslnavacancel.htm is? Or, how to expand further to understand which resource can actually cause this problem?

Thanks in advance.

+7
internet-explorer
source share
1 answer

Problem : res://ieframe.dll/sslnavcancel.htm is the embedded HTML resource in the ieframe.dll file displayed in IE to indicate that some resource has been blocked because it was signed with an invalid certificate. A certificate can be considered invalid for a number of reasons, including if the certificate has expired or there is a mismatch between the host name in the certificate and the host name actually used to obtain the resource.

Solution . You can try installing the Fiddler HTTP debugging proxy and running it when testing your website in IE10. Fiddler is located as an HTTP proxy between your browser and HTTP servers and (among many others) will let you know if any resource has an invalid certificate. Launch Fiddler, go to Tools | Fiddler Options | HTTPS, check Capture HTTPS CONNECT, check the decryption of HTTPS traffic and make sure "Ignore server certificate errors" are not checked. Restart Fiddler, visit the website in IE, and then view the Fiddler log for resources with invalid certificates.

+5
source

More articles:


All Articles