SSL breaks for any custom image

  • 13 September 2012
  • 9 replies
  • 50 views

Note: Picked the wrong category, should be in problems.

Hi,

I was able to reproduce when your SSL breaks. Every page that includes a custom image (profile,logo/favicon), the image is being served from a non-SSL domain:

http://cdn.freshdesk.com/data/helpdesk/attachments/...

From what I see, you are using S3 for your CDN. Forcing HTTPS itself on the URL won't work:

https://cdn.freshdesk.com/data/helpdesk/attachments/...

This is because S3 does not serve a certificate unless you are using their subdomain. I would recommend using the following URL:

https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/...

Please fix this so we can use SSL on our helpdesks without the warnings.

Thanks,
Swaroop

P.S. Nice bumping into you guys at Disrupt again. Expect more bug reports as I start using Freshdesk fulltime 😉

This topic has been closed for comments

9 replies

Hi Swaroop

Yes, we're aware of this problem and as you pointed out the Certificate doesn't reflect to the Amazon domain, hence this SSL error/warning comes up

We are working with our Infrastructure provider to address this and all the assets will be moved to secure CDN links in couple of months time.

regards
Vijay
Alright, I now see you have switched to S3 urls but the prefix is still http and not https.

 I've been considering signing up for FreshDesk for a couple months now and watching a few of the threads here to see how things are responded to and how things move along. This thread in particular is one I noted to re-visit, and I'm wondering - was there a final resolution in regard to this issue?

+1 on this.

This is also a problem with profile images -- they are always served over HTTP, even if "Enable SSL" is turned on.


It should be really easy for you to fix this by using protocol relative URLs to access your CDN. For example, instead of:


    <img src="http://s3.amazonaws.com/cdn.freshdesk.com/.....


use


    <img src="//s3.amazonaws.com/cdn.freshdesk.com/.....


That way it will work for both HTTP and HTTPS connections.


We REALLY want to switch to using FreshDesk, but cannot while your SSL offering is broken like this.


Do you have any estimate of when this is likely to be resolved?


Thanks,


Fraser

No solution yet, and I doubt one is coming. If you are looking for evidence of how Freshdesk does things, here you go.

Yes a fix is planned, but once we started supporting SSL over custom domain, we will fix this

Currently all assets are loaded from Amazon and we have SSL only for *.freshdesk.com. We are working with our Hosting Provider but CDN is causing this fix to go slow. I have already raised this with my Product Management, but CDN is a big thing and they've assured a fix for this but unfortunately no ETA


regards

vijay

Hi Vijay, 

Just a friendly enquiry.  Has there been any progress on getting this issue sorted?
I look forward to your reply. 

Regards

Andrew

Hi All


Yes this has been addressed and we've implemented Cloudflare for CDN and also SSL over custom domain is supported too.

All assets will be loaded via SSL links and Buckets


regards
Vijay