Summary
Test your portal content to find any links, images or other media that use HTTP (not HTTPS) links.
Note: if your portal uses HTTPS in its URLs - you can see a padlock icon in the address bar - you do not need to test your portals. They are already secured with SSL. This test applies only to those customers who have not yet enabled SSL.
In February 2021, LearnUpon is changing to SSL (Secure Sockets Layer) standard for all portals.
The visible change to users is the HTTPS syntax, and the padlock icon, in the URL.
Your courses might contain linked content, which use non-secure sources (other sites which still use HTTP). To prevent any disruption to your courses or learners, LearnUpon recommends you test your portal content to find and replace any non-secure sources.
To run this test, you temporarily enable SSL on your portal using the tool provided, and then view your courses, using your browser's developer tools, to check the links for images and content.
Prerequisites to test the portal
- portal must not have SSL enabled
- you need an admin, manager or instructor user type on the portal, so you can access settings and check course content
If you're not certain if your portal uses SSL:
From main navigation, go to Settings > My portal > General Settings > Enable HTTPs/SSL to this portal.
Ensure this setting is disabled (greyed out).
The following screenshot shows the option in the General Settings page.
Note: if Enable HTTPs/SSL access to this portal is already enabled and appears green, do not change this setting. You do not need to test your portal: it is already secure with SSL.
Enable SSL temporarily for testing
LearnUpon provides a test tool in the form of a URL suffix, to check your portal for non-secure sources. You add it temporarily, rather than changing your portal settings.
From your Dashboard with URL similar to
http://myportal.learnupon.com/dashboard
add the following snippet at the end of the URL:
?testssl=1
End result:
http://myportal.learnupon.com/dashboard?testssl=1
Press Enter.
The browser redirects you to an HTTPS version of your portal. The padlock icon in the address bar shows you're in a secure version.
Check course content
Review your courses, including SCORM/TinCan modules, for any content that loads its resources (images, videos) from HTTP, thus not displaying the content properly. Use your browser's developer tools to view the Console, and see if any items present warning flags. You're looking for:
- onscreen: broken image icons - these icons indicate your browser can't find the image anymore
- within the dev tools: warnings about mixed content and insecure sources
- From the dashboard go to Courses > your course name.
- From the action menu select Preview Course.
- Review those modules which contain linked content: actual links, SCORM or Tin Can modules, videos or audio content.
Note: Since this test tool is designed for a specific user type, some parts of the application beside Courses and SCORM/TinCan modules might not work as expected.
Access developer tools in your browser
Current browsers include developer tools for viewing website code for errors. Look in the main menu for options like Tools, Web Developer, or Developer Tools.
Optionally: right-click the mouse > Inspect or Inspect Element to open dev tools.
Check your browser's help files if you can't find the options.
Disable the SSL test tool
To return the portal to HTTP protocol, log out and log back in again.
To use the test again, repeat the steps of adding the suffix to their URL.
The following screenshots show examples of different browsers with a sample insecure image source, and shows how they handle the image.
Chrome example
In the following screenshot, the server providing the image had 2 versions, one with HTTP and one with HTTPS URLs. So the browser shows the image. It generates an alert message. The message reads, in part:
Mixed contents: The page at [page source] was loaded over HTTPS but requested an insecure element [element name]. This request was automatically upgraded to HTTPS.
In the following Chrome example displaying a text and image module, there is no secure version of the image available, so the browser shows the broken image icon, with a similar error message.
Firefox example
Firefox displays an insecure image. The insecure connection icon appears in the address bar
In the developer console, the content includes a warning that mixed content is present on the page.
Safari example
Safari displays an insecure image. The padlock icon disappears from the address bar.
The developer console gives a warning that mixed content is present on the page.
See: