Recently we did a certificate request with an IIS server and loaded the received certificates under Enterprise Trust and imported the certificate into IIS.
When we visited the website, we noticed that the newly loaded server did not present a green lock but instead loaded a
- Visit Why No Padlock? https://www.whynopadlock.com/index.html
- Visit Comodo’s SSL Analyzer
- Double check your code of your website to make sure that images and links have https
- Use relative links and not absolute
- Example – Don’t use Use
- Use IISCrypto.exe from Nartac Software to disable vulnerable encryption methods that may show up on the above websites
Here’s something that will help you – We followed all of the advice above and still received the favicon and not the green lock we wanted.
Although the site is encrypted, the green lock missing creates a feeling of not being secure.
Seeking more information, we found that if you hit Ctrl-Shift-j in Chrome, you could see what was not secure. We found that our customized 404 error was pointing to our IP and using http.
To fix this, we opened IIS and changed the unsecured reference to our 404 error to https and the FQDN (web address).
Running Ctrl-Shift-j again after visiting the site, it then showed no errors.
Be sure to read A Cipher Best Practice: Configure IIS for SSL/TLS Protocol over at Petri and take a look at SChannel information at Microsoft