Implementing Forced TLS/SSL

[racingyacht]

Hello:
I have followed the install guide for Nagios Core, and I'm in the process of securing the service.
SSLRequreSSL is been enabled in /etc/httpd/conf.d/nagios.conf for the following directories:"/usr/local/cgi-bin/sbin" and "/usr/local/nagios/share" and a valid SSL certificated from a CA has been installed.
httpd has been restarted without any errors. However, when I checked browser security in Chrome and Firefox there is secured and un-secured content on the web pages.

How do I ensure that all Nagios content is being secured on the pages that are displayed?

Many thanks

[abrist]

What content is unsecured? images?

[racingyacht]

Hi,
The paddlock show a warning sign. When I check the security of the browser it confirms that the page is secured using our certificate. Here is the message:
Your page is encrypted with 256-bit encryption.
However this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.

Regards

[abrist]

I just checked my core boxes and the only unsecured content are a few images which is not a big issue. Have you noticed anything else?

[racingyacht]

There is a http link to Nagio's Copyright which I believe is the cause of the problem.

[scottwilkerson]

Actually I believe it may be the image in the feed under the "Don't Miss..." section on the homepage