Why do I see a yellow warning triangle on an HTTPS secured website?

Last updated: 14/01/2016

What does Google Chrome's warning triangle mean?

The yellow warning triangle you may see when visiting a webpage that's secured with SSL, is an indication that Google Chrome found insecure content on that page, either because the page contains both HTTPS and HTTP content, or because the browser detected that the website is using an obsolete encryption mechanism, such as SHA-1.

Is your browser unsafe?

A possible cause is that it's your own browser who's the culprit. Have a look at the following issues:

• Are your computer's date and time set correctly?
• If you're on Windows XP 32-bits, you should install Service Pack 3.
• If you're on Windows XP 64-bits or Windows Server 2003, install Service Pack 2 and the SHA-256 Hotfix.

Google's got a lot more to say about SSL errors on its Google Chrome SSL help page.

Can I test whether my browser is safe?

Qualys SSL Labs's browser SSL test page offers you instant insights in the security failings of your browser. 

Is my SSL certificate unsafe?

Are you the owner of the website?

You may get to see the warning message because your SSL certificate makes use of legacy encryption technology that's no longer viewed as safe. Google has decided to sunset SSL certificates signed with an insecure SHA-1 hash gradually by introducing browser warnings.

The most common cause for this warning, however, is that your site may be serving content both over an encrypted channel (through https://) and over a non-encrypted channel (through http://). Most often, this happens when including external images, javascripts or css. Check the hyperlinks in your document and replace them with https:// or protocol-relative links (links starting with "//").

Can I test whether my SSL certificate is safe?

For a full audit of your web server and your certificate's security, visit Qualys SSL Labs' test page at the following URL: https://www.ssllabs.com/ssltest/. The analysis will show eventual shortcomings in your web server's configuration, such as negotiating obsolete SSL protocol versions, and whether your encryption makes use of modern, safe algorithms.

If you fail to get a passing grade, or if you're really keen on that A+, try the following:

• If your web server is at fault, you should contact your hosting company to modify the server configuration, or to upgrade the web server software if needed.
• If your certificate shows shortcomings, for instance because your key size is less than 2048 bits, or because it was signed with an SHA-1 hash, you should consider requesting a re-issue of your certificate..

As a Kinamo customer, all you have to do if you want an SHA-256 certificate is to contact us and we'll res-issue your certificate for free. You'll find more relevant information about SHA-256 on the « SHA-1, SHA-2 en SHA-256 algorithms » page.

Never fear if you aren't a Kinamo customer yet. Most Certificate Authorities will gladly offer to add the remaining validity of your certificate to a new one, in some cases even adding 30 days for free. Have a look at our SSL certificates pages or contact Kinamo for advice on how to proceed.