Https, which stands for secure http, is used instead of http to do two things: confirmĀ the identity of the site youāre connecting to, and keep your communicationsĀ with that site secure by encrypting it all.
If something is wrong, the browser will often display a warning, but in someĀ cases it will do nothing more than turn the https indicator red, or put a lineĀ through it.
Unfortunately, āsomething is wrongā can mean many things, ranging from aĀ serious security issue to a benign oversight by the websiteās owner.
Become a Patron of Ask Leo! and go ad-free!
Your browser should warn you
In most cases, when you first connect to a website that has an https problem,Ā your browser should warn you.
For example, if you visit https://askleopodcast.com (a demonstration site I have), Internet ExplorerĀ will notify you of an error1:
The security certificate presented by this website was issued for aĀ different websiteās address.
The security certificate includes the name of theĀ site youāre going to. For example, if youāre attempting to visitĀ https://paypal.com, the certificate there will confirm that it is, indeed, theĀ real paypal.com. This error indicates that the certificate does not match the domain.Ā You may not be visiting the actual site you think you are.
IEās error message actually sums it up quite nicely:
Security certificate problems may indicate an attempt to fool youĀ or intercept any data you send to the server.
The address bar continues to warnā¦
Continuing through to the site regardless of the warning, IEās address barĀ continues to indicate that thereās a problem.
The address bar is given a red background and the red security icon isĀ present, along with the words ācertificate errorā.
Similarly, Google Chrome turns the https red and draws a line through it.
Clicking on the broken padlock in Chrome displays information about theĀ secure connection and its problems.
Clicking on IEās red security shield in the address bar, or the highlightedĀ domain name in FireFoxās address bar, will also display additionalĀ information.
What should you do?
Unless you know for a fact that the error is benign, cancel theĀ operation and do not visit the site, especially if itās aĀ financial institution or a site that deals with your personal and privateĀ information.
It could be a trap.
Contact the institution some other way to clarify the error, and make sure your system is free of malware and otherwise secure.
Often, itās benign
I do want to be clear: unless youāre a system administrator of some sort, youĀ should never see a certificate error. Thatās why I said above that if youāreĀ the least bit unsure, stop.
Howeverā¦
The most common causes for certificate errors areĀ actually quite benign.
First, check your computerās clock and timezone setting, particularly if you see this error on multiple https sites. The certificate-validation system relies on your computerās concept of time being relatively correct. If itās not ā say you have the wrong timezone selected, the wrong year, or just the wrong time ā then certificate errors are one possible side effect.
Second, if you feel so inclined, look at the more detailed information for the certificate, and check the expiration date. Certificates expire, and sometimes the websites forget to update theirĀ certificates in time.Ā I know, because Iāve done it ā¦ or rather, forgotten to do it.
Thus, if you can examine the message associated with a certificate error,Ā and you can determine that the only problem is that the certificateĀ has expired, and expired recently (typically, these cases are fixedĀ within 24 hours), then it may be OK to proceed: encryption may still be operative.
On the other hand, itās also safe to simply wait a day.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
could there be other reasons? I know for a fact that our certificate on a site is good and will not expire for at least 2 more years. and when I am on the site (in Chrome) certain pages have the red line going through the https. Could placing links to outside websites cause this problem? I have been trying to diagnose the problem for a few days. Glad I received this article in my e-mail today! :-)
06-Apr-2012
Follow-up to first commentā¦ since IE often asks whether a user wants to display only secure contnot, how can a user who responds that they are willing to allow both secure and nonsecure content tell which is secure and which is not?
08-Apr-2012
Leoās discussion shows a sample ābadā website. But he blurred the URL. Is there a āvalid badā website that one can visit just to see what other browsers do or do not do when they encounter an invalid certificate?
I have had that Certificate error page on a new Windows install. Had it for several pages including Googleās home page, Yahoo, Yahoo mail. Could not solve for awhile. Tried the clock, updating the certificate, restarting, EXing out of Chrome and IE and still could not figure it out. I then decided to do a Windows Update. When I went to to the update Microsoftās update told be to update the Update program first before I get any suggested updates. So I did the update of the Windows Update program and restarted. I then went to Google and the certificate error page was not there any more. Yahoo and Yahoo mail was working now as well. So I donāt know why just updating the Windows Update program fixed this problem. Can you figure this out?
My guess is the root certificates ā which are kept up to date with Windows Update ā were out of date. Root Certificates, you ask? Right here: http://ask-leo.com/what_are_root_certificates_and_why_do_i_need_to_update_them.html
this is the first example of what a website with trouble in content exists that I have seen. I have read many a article that
*talks* about potential threats but Leo, you defined it in a well done piece! thanks!
I guess this also reveals that I donāt read enough about the hazards of the Internet.
I belong to a professional listserve which has been in existence for more than 10 years, and Chrome insists that it is a dangerous, unverified website which is going to attack my bank accounts and sell my information to hackers and steal my identity. Totally ridiculous.
I can understand it saying unverified. Thatās often due to an oversight on the part of the web designers, but does it really say itās going to attack your bank accounts and sell your information to hackers and steal you identity? I find it hard to believe theyād use that language.
Um, hyperboleā¦ā¦.
Um, sarcasmā¦ā¦ā¦.
Indeed. A professional listserv should be running the latest and most secure technology to avoid these issues.
Howdy! Leo,
Iām using Firefox ESR 52.6.0 (32-bit) on a XP SP3 pc to read this page.
https://askleo.com/why_is_there_a_slash_through_the_https_in_my_browsers_address_bar/
Iām writing because in the Comment Section on May 21, 2015 at 9:02 am, You said to George Jensen ā Quite often itās because of āmixed contentā .
And also because I noticed the Security Padlock to the Left of the Link for this page has a Yellow Triangle with it.
So I Clicked on the Padlock and it shows this:
askleo.com
Connection is Not Secure
Parts of this page are not secure (such as images).
I donāt see this Yellow Triangle on other pages on askleo.com ā I just noticed it on this page today.
I know as hard as You try for perfection there is always one more (or less) keystroke a page needs to be perfect.
Hey!, Iām not perfect either, long ways from thatā¦..
Thanks for Helping us understand BITS of what our computer is doing by answering our Questions and including IMAGES to Help us understand what You wrote to us.
73 dit dit
Its usually because back in the day I would often āsignā my comments by linking to an image of my signature. That signature is remote content displayed on the page. It was linked using āhttpā, not āhttpsā, hence itās the mixed content warning.
On this Windows 7 desktop I have no problems. With my XP laptop right beside me I have the āThis connection is not secureā problem! I know the site is secure and my is my modem/wi/fi is password protected! I think it is the windows needs updating but that is no longer possible for XPs!
Quite often itās because of āmixed contentā ā the connection to page might be secure, but a connection to, say, fetch an image for that page might still be http ā or not secure.
For a short while I was getting a red slash through https when I would start going to my email (aol). However, I also noticed that there was an ad for a program in case my computer was āin dangerā (an aol ad). Once I continued on to my email, the https would go green again, so I just thought it was some ad ploy. Maybe I was wrong, but the ad isnāt showing anymore, and my https is green.
Thanks for this article, Leo. Very timely as Iāve seen several of these red slashes this week on Chrome. However, Iām sorry to say that I never got any warning message on Chrome, just the red slash and I didnāt know what it was. My anti virus programme didnāt react at all, so I went ahead with my transactions. What should I do now?! Thanks for any suggestions or advice.
I would click on the red slashed icon and determine what item on the page itās complaining about, if you can. Check the certificate involved and see if you can tell why itās complaining.
Recently had the red slash on my laptop while trying to pay for something (university dues)ā¦ red slash for two months. Tried a pc and no red slash. Could that indicate a problem with my laptop (virus, malware, ?) or does it just mean my laptop might need a windows update or otherwise be looking at the site differently?
If you click on the icon it will give you more details on the security problem. More than likely it is a problem with the website you are going to. Or it might be that your browser needs to update its security lists. Either way, this does not indicate a problem with your computer.
I have the same issue (https with red slash) appearing when I try to sign on to the same banking site I have used for the last 6 years. The certificate is good until March 2016, so I have no idea what is wrong, and I am not computer-savvy enough to know what my next move should be. Any simple suggestions? I am sorry to say I am very computer-illiterate . I use Kaspersky as my Internet Security and have never had a problem until this week.
Did you check your system clock? If thatās not the problem, Iād phone the bank to see if they know what might be happening.
The answers provided by this site was extremely helpfulā¦ Thanks
What about an IRS.gov website? I got this after asking for a reminder of my User ID. At the IP address sa.www4.irs.gov ā it never sent me the reminder email. I checked my spam box ā itās been over an hour.
I took your advice and clicked on the lock icon and it said that the site uses a weak security configuration (SHA-1 signatures), so my connection may not be private. And the icon of the lock with the yellow triangle tells me that identity of the website has been verified by Entrust Certification Authority ā L1C. ā¦ And āthe certificate chain for this website contains at least one cert that was signed using a deprecated signature algorithm based on SHA -1.
The green-background lock icon says that the connection is encrypted using an obsolete cipher suite. The connection uses TLS 1.2. The connection is encrypted using AES_256_CBC with HMAC-SHA1 for message authentication and RSA as the key exchange mechanism.
Any help would be appreciated.
I try to log into a UK server called āthepostofficeā using http://www.pobroadband.co.uk. Every time I log in using Google Chrome I get the Red https and a line through it. When I attemtp to go to the same address using either Internet Explorer or Mozilla Firefox the address is ok ā no red text and line through. Can anyone tell me how to get rid of the red text https and line through as I wish to use Ge Chrome for access to this site and not the other two browsers. It is most annoying as I wish to enter sensitive data into the site (My Account) and I dare not do this with the HTTPS slashed through.
Most Urgent if you please.
I clicked on that thePostOffice link and had the same results as you. Iād say the problem resides with the website. Until itās worked out, to be on the safe side, you should probably use IE or Firefox to access that site. As the song goes, āYou canāt always get what you want. Butā¦ you get what you needā
Chrome is being overly cautious. āThe certificate chain for this website contains at least one certificate that was signed using a deprecated signature algorithm based on SHA-1.ā Theyāre attempting to force websites to update their encryption technology (as they should), but I donāt see it as a crisis. For now, as Mark said, if you feel better use Firefox or Chrome, but I personally wouldnāt be concerned.
Leo, I am use both Google Chrome and Safari on my MAC. I get the red https when using Chrome on both my credit card page and my personal bank page. I donāt get the red https on either site for Safari. As far as I can tell, my Chrome is up-to-date. I have Kaspersky on my computer and I use it to get to my credit card and bank pages, but Kaspersky is setup to always open Chrome. So, now if I want to use Kaspersky as my frontal protection, I am going to webpages with a red https.
Thoughts?
Thanks, Anne
Example: Netflixā¦ all devices going thru my wifi connect perfectrly except my laptop that uses XP. It gets the HTTPS Slashed ānot safeāblah blahā¦ and there is no support for the XP. OR IS THERE??!!! The military still gets support for windows XP! I read about a guy who created a txt file and saved it with a diffeerent extension, added some info to his XP registry, and made his PC appear to be of the Military persuasion! PLEASE does ANYBODY know of a more reasonable way to jump this hurdle? The updates ARE there. Why wonāt Microsoft open a pathway to XP users? THEY LOVED US WHEN WE BOUGHT THE XPsā¦ā¦
Unfortunately, thatās one of the prices for using unsupported software. Problems like this will continue to grow as time goes on.
Please excuse my crassness, Leo. This is YOUR website. I acknowledge you; I meant no disrespect. My quest is true and honorable. You have my Email. Any insight you might provide me on this matter would be most graciously received. (And anyone elseā¦ for that matter)!
Donald Spicer
P.S. Thanks for this site; I appreciate the opportunity.
Thank you. My issue was the date and time were wrong on my laptop.
A slash line comes on https(red color) when i open the web page,when i right click it a message comes
in.yahoo.com
this site uses a weak security configuration(SHA-1 signatures),so your connection may not be private.
Details
when i click on details
a massage comes
security overview
this page is insecure(broken HTTPS) (n some more information like expires on 2017) ,my date n time r ok ,is it safe to use web,How can i solve this problem
You canāt. This is a server issue.
Hello.
Great help here. Thanks.
I am an e-commerce website owner and had an SSL certificate that has expired and I donāt wish to renew it. The problem is that the https appears crossed out to everyone. Plus, when I try accessing my WP-Admin, I get this warning: āYour connection is not private. Attackers might be trying to steal your information from http://somerandomservice.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALIDā
What should I do to fix this?
Is there a possibility that Iāve been hacked?
Thanks.
You need to renew the certificate. Very unlikely that youāve been hacked.
Hi. Thanks for your reply.
I donāt intend to renew the SSL. As a matter of fact, I have revoked it and 24 hours have passed since I received the confirmation for revocation but the error persists.
The error will persist until you get a current certificate in place.
funny as I read this info I see red line through the web page/man to many overkills these days, and just use logic
Hello, am having a problem with the buy now button, every time I try to copy and paste the plain link into my web page it has a red line drawn thru it. Could it be that my warranty has expired on my PC and can I buy the product from any electronic store.
This would be unrelated to any warrantee. This is all about the website from which you are attempting to purchase, and the specific link youāre using.
It sounds like it might be a problem with your browser.
https://askleo.com/dealing-with-browser-problems/
Clearing the browser cache would be the first thing to try as a corrupt cache is the cause of most browser problems.
Oddly, despite the text of this article, https://askleopodcast.com shows no certificate error (yes I know this is an old article) but this very page, https://askleo.com/why_is_there_a_slash_through_the_https_in_my_browsers_address_bar/ *does* show a certificate error. The warning messages are:
Firefox: āConnection is not secure ā parts of the page are not secure, such a imagesā ā Yellow triangle mark with ! over the lock.
Chrome is less obvious, but if one clicks the (!) mark in the address bar it gives much the same comment, including 16 cookies associated with the page.
I understand why, and Iām sure you do too, but maybe the text needs to be updated.
Help leo! Out of the blue I cannot access Google Chrome or Samsung Internet or any website whatsoever (this connection is not secureā¦someone may be trying to hack, etc.,) also cannot access PlayStore (no internet connection), cannot access any links within my gmails, cannot update security software and cannot access or change google password. I am stuck. I have android 8.0. I canāt download, upload, or anything. Every site crosses out the āhttpsā. I am going to cry. Is there nothing I can do?
Sounds kind of like your security software may be interfering, OR, indeed, that someone has hacked your connection. A crossed out āhttpsā by itself is nothing to cry over ā itās sadly quite normal. But Iām afraid without A LOT more specifics I canāt really advise you as to what to do next. Perhaps have a techie friend look at it?