Ever spend endless time trying to find that one, tiny, insecure image call on your secure check-out page that’s causing the padlock to be broken in every web browser? I have. Many times.

And I’m betting you have too. In fact, it is one of the things that frustrates us the most when helping clients track down security problems.

So we decided to come up with a solution to take the pain out of this long search…

Why No Padlock was born

www.WhyNoPadlock.com started as an internal script to make it easier to find SSL issues. But we quickly realized that this could be a valuable service to any website owner that maintains an SSL certificate and secure web pages.

So we spruced it up, added more functionality, and even overcame the limitation of detecting insecure image calls inside of an externally called JavaScript file.

It’s a great tool for any ecommerce merchant or website owner to have in their arsenal for making sure their https secure pages are actually secure.

What it checks

The service does the following checks on any secure page:

• Verifies the SSL certificate is installed correctly and is not expired.
  The results display the expiration date and the company that issued the SSL certificate. Intermediate certificates are checked. It also makes sure the URL domain name matches the certificate domain name.

• Verifies that all images, css, and JavaScript files are called securely.
  For a secure page to display the padlock in the browser, every loaded item on the page must also be called securely.

• Verifies all externally loaded css and JavaScript files load their items securely as well.
  This is the one that stumps most people when searching for that pesky insecure call. The service will make sure your css and js files (even remotely called ones) are loading secure images.

screenshot (click image to enlarge)

So easy to use

All you have to do is paste or type the full secure URL into the text box. It’s that easy.

As long as your secure page does not require a username or password, or for you to be signed-in to reach it, the script can fully test the page.

For ShopSite ecommerce merchants, simply click on the checkout button (or register/sign-in link to test the secure customer registration area) in your store, and copy and paste the full URL in the address bar.

…

So give www.WhyNoPadlock.com a try, and find out if your secure pages have any issues. Why does it matter? Because one small insecure image can stop a sale from completing.