What this means is that while the page itself is being delivered securely, some images or scripts are being referenced by http instead of by https.
For example, in your custom journal stylesheet, you might have an absolute reference like:
background-image: url(http://mysite.tld/ojs/public/some.png);
Or in your custom HEAD code, you might be referencing something via http:
<script src="http://cdn.resource.tld/common/script.js" />
Or, an image might be referenced with an absolute URL:
<img src="http://mysite.tld/ojs/public/header.png" />
You can use the browser’s Inspector tool (press F12), particularly the console or network tab, to find the offending references.
