GlobalSign Secure Site Seal - domcfg.nsf

anon-2424 · May 3, 2024, 11:44am

We currently have our https - domcfg.nsf configured to include the GlobalSign Secure Seal on the Domino login form.

This use the following code within a Passthru HTML field on the $$LoginUserForm

<table width=130 border=0 cellspacing=0 cellpadding=0 title="CLICK TO VERIFY: This site uses a GlobalSign SSL Certificate to secure your information." ><tr><td><span id="ss_img_wrapper_110-55_image_en"><a href="http://www.globalsign.co.uk/ssl/" target=_blank title="SSL Certificates"><img alt="Buy SSL" border=0 id="ss_img" src="//seal.globalsign.com/SiteSeal/images/gs_noscript_110-55_en.gif"></a></span><script type="text/javascript" src="//seal.globalsign.com/SiteSeal/gs_image_110-55_en.js" defer></script><br /><a href="http://www.globalsign.co.uk/ssl-information-center/" target=_blank style="color:#000000; text-decoration:none; font:bold 8px arial; margin:0px; padding:0px;">SSL CERTIFICATES - Get Info</a></td></tr></table>

GlobalSign have annouced that they will no longer be supporting this code and have indicated that we should use a new seal with the following code. They indicate "Copy and paste the following script into the HTML source of your site"

<div id='ss_gmo_globalsign_secured_site_seal' oncontextmenu='return false;' style='width:100px; height:50px'>
<img id='ss_gmo_globalsign_img' src='data:image/gif;base64,R0lGODlhAQABAGAAACH5BAEKAP8ALAAAAAABAAEAAAgEAP8FBAA7'alt=' onclick='ss_open_profile()' style='cursor:pointer; border:0; width:100%' >
</div>
<script>
window.addEventListener('load', () => {
let s = document.createElement('script');
s.src = 'https://seal.atlas.globalsign.com/gss/one/seal?image=seal_100-50_en.png';
document.body.appendChild(s);
})
</script>

We have attempted to replace the existing code in the Passthru HTML field on the LogIn form with the new code but this doesn't function -- just returns a blank field on the form.

Any thoughts as to how to resolve this.

Murray

jayve.javier · May 4, 2024, 10:38am

Hi Murray,

It looks like you extracted that new script from Step #3 of "How to install a site seal" in the official GlobalSign Support site:

As per my understanding, once you completed the steps, it should display an image (GlobalSign Secure Site Seal) in your Domino login form ($$LoginUserForm). However in your end, it is not showing.

When I checked the HTML img tag, it seems this part is not correct:

This may be the reason why it returns a blank field on the form if there's issue in HTML tags, attributes, and values.

To verify, I used official W3C HTML Validator: https://validator.w3.org/#validate_by_input

From there, I posted the script, hit the check button, and these are the results:

Based on the errors, we need to correct the HTML img tag.

To resolve, we should update to this:

Changes:

Put a space between img id value and alt attribute
Put another single quote in alt value

With that, please try the updated script to:

----------------------------------------------

<div id='ss_gmo_globalsign_secured_site_seal' oncontextmenu='return false;' style='width:100px; height:50px'>
<img id='ss_gmo_globalsign_img' src='data:image/gif;base64,R0lGODlhAQABAGAAACH5BAEKAP8ALAAAAAABAAEAAAgEAP8FBAA7' alt='' onclick='ss_open_profile()' style='cursor:pointer; border:0; width:100%' >
</div>
<script>
window.addEventListener('load', () => {
let s = document.createElement('script');
s.src = 'https://seal.atlas.globalsign.com/gss/one/seal?image=seal_100-50_en.png';
document.body.appendChild(s);
})
</script>

----------------------------------------------

Hope this helps.

Thanks,

Jayve

anon-2424 · May 6, 2024, 2:22pm

Jayve.. Many thanks for your comprehensive and useful reply.

I have checked this out further and actually modified your suggested code using the validator.

I now have the following modified code for the GlobalSign script. Changes in red.

<!DOCTYPE html>
<html lang=en>
<head><title>
<div id='ss_gmo_globalsign_secured_site_seal' oncontextmenu='return false;' style='width:115px; height:57px'>
<img id='ss_gmo_globalsign_img' src='data:image/gif;base64,R0lGODlhAQABAGAAACH5BAEKAP8ALAAAAAABAAEAAAgEAP8FBAA7' alt="" onclick= 'ss_open_profile()' style='cursor:pointer; border:0; width:100%' >
</div>
<script>
window.addEventListener('load', () => {
let s = document.createElement('script');
s.src = 'https://seal.atlas.globalsign.com/gss/one/seal?image=seal_115-57_en.png';
document.body.appendChild(s);
})
</script>
</title>
</head>

This now passes the validator check but still doesn't generate the GlobalSign Label on the form.

I plan to pass this back to GlobalSign for their recommendation on why it doesn't function. As we both know the original GlobalSign HTML code had errors - so definitely wouldn't function correctly.

I will post their feedback and hopefully the solution.

Thanks again for your assistance so far.

Murray

jayve.javier · May 6, 2024, 5:00pm

Hi Murray,

Appreciate your feedback.

You might want to try the steps below to troubleshoot in Notes/Domino side first:

1. First off, check if DominoDisablePassThruHTML setting was set in notes.ini of Domino. If so, ensure that the value is 0 to allow passthru HTML.

2. Then, check if there is hidden text field started with $$HTMLOptions_somefieldname in your $$LoginUserForm. If so, check the value if this was set to DisablePassThruHTML=0.

The reason you need to check those options is because based on the note in this link:

https://help.hcl-software.com/dom_designer/12.0.2/basic/H_CONTROLLING_HTML_OPTIONS_IN_A_FIELD.html

Stated that...

Note: Because this setting overrides the server setting for disabling passthru HTML on this specific field, specifying a value of 0 will allow HTML to passthru for this field even if the the server has set DominoDisablePassThruHTML to disable passthru HTML.

3. Once done, use only the updated script in your $$LoginUserForm:

<div id='ss_gmo_globalsign_secured_site_seal' oncontextmenu='return false;' style='width:115px; height:57px'>
<img id='ss_gmo_globalsign_img' src='data:image/gif;base64,R0lGODlhAQABAGAAACH5BAEKAP8ALAAAAAABAAEAAAgEAP8FBAA7' alt="" onclick= 'ss_open_profile()' style='cursor:pointer; border:0; width:100%' >
</div>
<script>
window.addEventListener('load', () => {
let s = document.createElement('script');
s.src = 'https://seal.atlas.globalsign.com/gss/one/seal?image=seal_115-57_en.png';
document.body.appendChild(s);
})
</script>

4. Do not include the following tags:

<!DOCTYPE html>
<html lang=en>
<head><title>

and

</title>
</head>

5. Place the updated script at the top of the $$LoginUserForm. Like in this location (green box):

6. Please note that the updated script text shows highlighted because these texts has to be selected as "Pass-Thru HTML".

7. Save and close the form.

8. Go to server console, restart the task HTTP by issuing the command:

tell http quit

load http

9. Before you test, I saw this FAQ in GlobalSign Support site:

10. You may wait after 30 minutes then test.

Note: If there's changes in Domino notes.ini, make sure the server restarted before testing.

If the issue still persists, I totally agree that you need to check with GlobalSign support for further analyzation.

Thanks,

Jayve

anon-2424 · May 22, 2024, 1:12pm

Jayve -- final update.

Applied the corrected code and still nothing happening -- until I happened to check the Domino server console and noticed that 2 IP addresses were being block by our server. We had these active on the server to stop Spam type attacks -- and once removed the Gloabl Sign links worked as exepcted.

Guess there is always a "got cha" luking around :)

I have reported that error in the original Global Sign code back to them.

Thanks for your assistance.

Murray

jayve.javier · May 25, 2024, 5:01pm

Good to hear that Murray. Thanks for sharing.

anon-2594 · February 12, 2025, 4:59pm

Hey Murray,

I’ve run into similar issues before when updating third-party scripts. It might be a conflict with how Domino handles the Passthru HTML. Have you tried placing the script just before the closing </body> tag instead? Sometimes placement affects execution. Also, understanding how different platforms work together is crucial, kind of like knowing the mvp development company for startups. Maybe try testing it outside of Domino to see if the script itself works first.

Hope this helps!

anon-2424 · February 13, 2025, 12:01pm

Hi Oliver. Thank you for the feedback and recommendation. As logged above I did actually resolve the issue. Basically - believe or not -- GlobalSign's new HTML code had some errors which stopped their server logo and details loading correctly. Once corrected all good to go. GlobalSign did -- finally -- acknowledge that their code was wrong and took on board the correct version :)

Cheers Murray