I've just got a site running nicely with the whole site running through SSL, but Google Chrome is throwing a "This page contains some insecure elements" message, which isn't good in terms of end user trust-ability. All other browsers work fine, and give the golden padlock.

The site is a Drupal 6 e-commerce site, running on apache2, and the error appears in the front end as well as the admin area.

Does anyone know of any methods to find out exactly which elements are being considered insecure?

Edit: I've used Fiddler to check the traffic, and it really is all HTTPS. It even complains on the site holding page, which is very light and has no javascript etc on it...

It could be a browser issue? Have you tried restarting, or clearing all of your cache?

In Chrome, this is trivial. Hit ctrl+shift+j to open the developer tools, and it will plainly list the URL of the insecure content.

Try it on https://www.fiddler2.com/test/securepageinsecureimage.htm, for instance.

I just had a similar problem. Turns out it was a hardcoded background image URL in a CSS file.

You should particularly check any 3rd party stylesheets you are using, as they may hotlink to an image on another server.

Easy solution? Save those images to your server and change the URLs to relative paths in the CSS file.

Hope this helps!

Search the source for http:? Something like <Ctrl-U> <Ctrl-F> http: in firefox should do.

The insecure element is something loaded over insecure — non-https — connection, e.g. image, stylesheet, etc. you obviously need fully qualified URL to load insecure element/

Use Firebug plugin of Firefox. In the NET tab all file locations are shown clearly. Try to find any files that are obtained from http protocol.

It's probably related to this bug:

http://code.google.com/p/chromium/issues/detail?id=24152

Which is why a restart fixed it.