Using SSL to secure pages - Many GK items not secure.

We have an SSL certificate, and when I go through Virtuemart to the pages that should be secure, there are many GK items that are not loading secure.

Some prime examples, css files, images, and links.

As somebody that has gone through this process before, everything that loads on an SSL page should be displayed with https, otherwise you end up with a partially encrypted page.

I would have assumed that GK would have put in some code to automatically use https when told to, but it appears not. I have tried turning on Force SSL, which helped fix this same issue on a template from a different company (Minus my custom modules, which I had to modify myself).

How can I change this?

I have the same issue on a site I built: https://www.cischarlotte.org/donate/

The page loads as HTTPS but certain css files and images referenced in the css files (like background images) are still loaded through HTTP (instead of HTTPS).

Anyone got ideas on this?

Since the Gavick team doesn't seem to care about this, get yourself the Akeeba Admin Tools. There is an option in there to secure all non-secure items when using SSL.

I figured out why mine wasn't working.

I am using the "sh404SEF" component and after playing around with some options, found out that the "live_site" variable in my configuration.php was not allowing some stylesheets (and background images referenced in the stylesheets) to be referenced using the HTTPS protocol in Gavick website templates (they same probably applies to other templates too)

So by removing the domain from the "live_site" variable and finding a "Yireo SSL Redirection" plugin, the HTTPS portions of the site are working and fully encrypted.

Also, something else I noticed, I was using some social media iframe code (for Facebook/Twitter modules) and they were being referenced using HTTP. So have a look in your source code and look for paths to any images/css that aren't being HTTPS referenced.

I also confirmed that the fixes above worked for another website/online store I built for a customer that is using VirtueMart.

Send me a link to the website you are referencing and I can do a quick scan of the code for you.

Removing your live_site variable in sh404SEF will most likely result in future issues (Check their forum and see how many problems people have when this is left empty).

The only items on my page that were not loading with https were all Gavick items. I have done full PCI compliance before, so I have had to go through securing the site in full.

The Admin Tools plugin from Akeeba will secure the rest of those links for you without having to compromise your sh404SEF installation.