How to serve up non-secure master.css for https scripts

I have several scripts on other servers that need to reference a master.css. The problem is these other scripts are running over https and master.css is on regular http and when referenced I get the error about mixed content types (some secure, some non-secure).

Can I create a reference to the master.css over https? Something with mod_rewrite or some other kind of alias?

Thanks!
-dave

a CSS file can be used on both http and https connections. When you get a message regarding secure and non-secure references, it's referring to there being a reference for both https and http in the code. In other words, if you explicitly state http:// somewhere in the CSS file, it will cause that problem when trying to access an https site. If you can, use relative paths as opposed to absolute paths.

Are you sure it's the css file causing the problem?

In the https html code I'm referencing an absolute path to an http server; that's how I have to do it. So I need the http server to serve an exact copy of the master.css but over https. How can I create that duplicate copy automatically?

Alright... I think I might be misunderstanding, but let's try to clarify...

In the HTML code itself, you have an absolute path to an HTTP server?

In the CSS file, there are no absolute paths, correct?

If both of the above were answered yes, then I'm not sure why you need a copy of the master.css file.

At the top of your HTML code, you will have a reference to master.css which doesn't matter whether you're viewing it in HTTP or HTTPS. If you have an absolute path to HTTP in your HTML code, then copying the css file isn't going to do anything. The non-secure dialog box refers to the absolute path in your HTML code.

(Of course, if you are referring to the absolute path being in your CSS file, then let me know.. I might have misread your post).

Hey Hiker, thanks for helping.

Well my style sheet is this:
http://www.swfwmd.state.fl.us/level3.css

And my script would be on a server like this:
https://www5.swfwmd.state.fl.us

So I need to reference the level3.css in the https environment but I need to avoid the non-secure dialogue, so I need to create a https version of that level3.css on the www server, right? What do you think?

When you reference your css file in the HTML code, what is your code?

Generally, it would be something like:

typenerd, we're making a few assumptions because you haven't fully explained your situation. Be specific, don't expect us to know your environment, and don't expect your environment to be identical to what we've used.

Are your SSL and non-SSL servers the same server with the same document root?

They'll need to be in order for hiker's approach to work, and I'm thinking they're not since www5 looks like it's part of a cluster. Do you have a single non-SSL server at www and several SSL servers in a cluster at www#

Please provide some information about your infrastructure and Apache configuration in relation to SSL. Some environments have separate DocumentRoots for non-SSL and SSL files and some don't; we need to know how things are setup.

Sorry for not being around here; work got busy and I forgot about this post. Yeah, the paths are two completely different computers, www is a freebsd box while www5 is a windows .net server.

So the www5 developers always make a copy of my www/master.css and when I update it I have to coordinate that they update their copy. They should just reference the file, but they're in an https environment and www/master.css is over http, not https.

So I need a way to reference master.css over https; therefore I need a way to serve the same master.css over http and https.

Sorry I didn't write clearer posts earlier. Thanks for the discourse so far.

Here are some possible solutions:

1) Enable SSL on your server, assuming you have a wildcard certificate that can be placed on your server, too.

2) Setup rsync in a cron to either send your css (and any other file) to the SSL servers or on the SSL servers to get the css from your server (see the rsync man page).

3) Get FTP access to the SSL servers so you can upload your css. This could be a separate folder, and the FTP settings could be made to only allow you to upload to that folder (and even make it so you can only overwrite files instead of being able to create new ones).

4) Have the SSL server administrators setup a reverse proxy to bring your server into their local URL space, but I'm not sure how well this will work between SSL and non-SSL servers.