I have a solution which runs on a FM Server in Windows. My standard users connect via webdirect, my superusers have full clients.
The objective is that they can clearly see that the connection is SSL encrypted.
On the FM server, I installed a custom SSL certificate (SHA-1 Godaddy) and I can now get a healthy green padlock when I connect via a client.
On the IIS, I have also installed an SSL certificate on the IIS to protect the page.
However, when I connect through Webdirect I have a problem:
Initially, the landing page (username and password) shows the SSL padlock. The available solution page also shows the padlock. However, once the login is completed and I get to my initial layout, the padlock disappears.
I have ticked the progressive SSL download on the admin console, restarted the service, and I don't know what else to try.
When I check the warnings on the safari web inspector, it shows a series of messages like this: "The page at https://mysite.org.uk/fmi/webd#DBname was allowed to display insecure content from http:/mypage.org.uk/Streaming/MainDB/AA3ADC9FEEBDBBB0CF0AA14D9CA37175.png?
I assume webdirect is mixing secure and non secure elements... but I would really like to reassure users that there's encryption in place.