SOLVED https red and crossed

[Singa]

Usually it wasn't like this. Is there maybe some security gap?
When creating this post the https is as it used to be.

But when I go back to the front page or a thread it is still red and crossed. Some single threads still have it in yellow but most are red and crossed out, is this a problem on my end or has the site a problem?

 

[Minimaul]

Which pages are you seeing the first one on? It shouldn't be happening!

 

[Singa]

The forum page 'www.saintsrowmods.com/forum/' and basically everywhere I click except a few sites like the first site of Sandbox+ for SRTT for example is still yellow or the last site of this thread.
I'm really worried as I'm signed in to this site via Steam.

 

[Minimaul]

The forum page 'www.saintsrowmods.com/forum/' and basically everywhere I click except a few sites like the first site of Sandbox+ for SRTT for example is still yellow or the last site of this thread.
I'm really worried as I'm signed in to this site via Steam.

We don't get any of your Steam login details and we can't perform any actions as you on Steam with the information we get - we only get a steam ID (which is the same one in your profile link, so it's publicly available) and an authentication token. Nothing more.
When you sign in via Steam, you enter your Steam login details on a Valve website that then passes the steam ID and authentication token back to us - we never see your password.

I've reissued the certificate so it's a SHA256 signed one rather than a SHA1 signed one - it seems recent Chrome has just started complaining about it. To be clear: there's been no violation of the server, there's no reason to panic!

The padlock with a yellow arrow is shown when there is "mixed" content on a page - i.e. some of it is delivered over HTTPS and some of it is delivered over HTTP. This is usually because (like in this thread) someone's posted an image that is not delivered over HTTPS - like your imgur images. Signature images are another culprit. We can't rewrite those links to use HTTPS because we can't guarantee a third-party hoster is supporting it.

All of the content that's served from saintsrowmods.com directly is delivered over HTTPS - we actually redirect any unencrypted connection attempt straight to HTTPS - try it! http://saintsrowmods.com will redirect you straight to https://saintsrowmods.com.

 

[Singa]

Usually it showed the yellow one, when I was on the forum earlier today it still was and when I came back it was red and crossed like this.
I was just really worried about someone stealing my Steam password or something.

EDIT:
My frontpage now has a green https:

 

[Minimaul]

Usually it showed the yellow one, when I was on the forum earlier today it still was and when I came back it was red and crossed like this.
I was just really worried about someone stealing my Steam password or something.

EDIT:
My frontpage now has a green https:

Yeah, I've regenerated the SSL certificate using a SHA-256 hash rather than a SHA-1 one - Chrome has started warning on certificates using SHA-1 hashes under certain circumstances. I've disabled some of the older encryption methods and re-ordered the priorities so every user should be using the best possible encryption - as a side effect I think IE6 on XP can no longer browse the site

 

[Singa]

Wow, thanks for the quick replies and help. Now I can rest easily without worrying about the Deckers stealing my TF2 hats.

 

[Minimaul]

Wow, thanks for the quick replies and help. Now I can rest easily without worrying about the Deckers stealing my TF2 hats.

The security of users on this site matters to me. If this site is compromised or if it's configured badly I would take it as a personal failure. There's no reason for it not to be right.

Thank you for telling me!

Edit: yes, I took the server down to install the new certificate and to change the cipher settings. This is all because of http://googleonlinesecurity.blogspot.co.uk/2014/09/gradually-sunsetting-sha-1.html