Starting January 2016, Google Chrome (from version 56) will mark websites without a secure connection (HTTPS) that handle login data or payments as unsafe. The address bar will show the notice ‘Not Secure’. Other browsers are expected to follow this example. In time, Google wants to show a warning on all websites without a secure connection. In this article we’ll discuss what the changes are, what they mean for you and what you can do about them.
A website with a certificate and a secure connection can be recognized by the lock in the browser and by the address in the address bar starting with https:// instead of http://. The certificate ensures that all communication between the visitor and the web server is encrypted and authenticated, so third parties between the visitor and the web server cannot snoop on the traffic. A website without a certificate sends all communication in plain text over the wire. Passwords and payment data that are not encrypted can be seen and abused.
An SSL certificate also ensures that a man in the middle cannot change the data in transit. This is because the data is not only encrypted but signed as well. A non-encrypted connection allows data to be changed in transit, for example the contents of the shopping cart or the text on a website.
Because of this it is good practice to also secure websites without payment processing or login data. Last but not least, secured websites appear higher in the Google search results.
Do note that the certificate only secures the connection between the web browser and the web server. It says nothing about the security of the web server, the website software or the data processing policy of the website.
Error on non-secured connections.
Starting with version 56, the Google Chrome web browser will show an error on sites that have a login form or process payment data. The image below shows an example of the error message.
If you have a website or webshop which processes payments or has login functionality, then this applies to you. This also includes, for example, club sites with a login-protected section and company intranets.
If you have a webshop or site as described above, then it is important to secure the website regardless of the change in Google’s browser.
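To find out which of your own pages fall into this category, you can scan their HTML for password and payment fields. The Python script below is an added example, not CloudVPS or Google code: it assumes card fields are marked with autocomplete="cc-*" (an approximation, not Chrome's exact logic), runs on constructed sample pages under the placeholder domain shop.example, and goes one step beyond the browser warning by also flagging https pages whose form submits to an http address.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class SensitiveFieldScanner(HTMLParser):
    """Records password/card inputs with the action of their enclosing form."""
    def __init__(self):
        super().__init__()
        self.action = ""      # action of the <form> currently open, "" if none
        self.fields = []      # list of (kind, form action)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.action = a.get("action", "")
        elif tag == "input":
            if a.get("type", "").lower() == "password":
                self.fields.append(("password", self.action))
            # Assumption: card fields are recognised by autocomplete="cc-*"
            elif any(t.startswith("cc-") for t in a.get("autocomplete", "").lower().split()):
                self.fields.append(("payment", self.action))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = ""

def audit_page(page_url, html):
    """Return findings for one page; an empty list means nothing to fix."""
    scanner = SensitiveFieldScanner()
    scanner.feed(html)
    findings = []
    for kind, action in scanner.fields:
        target = urljoin(page_url, action)   # where the data is submitted
        if urlsplit(page_url).scheme == "http":
            findings.append(f"{kind} field served over http: {page_url}")
        elif urlsplit(target).scheme == "http":
            findings.append(f"{kind} field on https page submits to {target}")
    return findings

# Constructed sample pages (shop.example is a placeholder, not a real site).
SAMPLE_PAGES = {
    "http://shop.example/login":
        '<form action="/session"><input name="u"><input type="password"></form>',
    "https://shop.example/pay":
        '<form action="http://shop.example/charge"><input autocomplete="cc-number"></form>',
    "https://shop.example/account":
        '<form action="/session"><input type="password"></form>',
    "http://shop.example/about": "<p>About us</p>",
}

if __name__ == "__main__":
    for url, html in SAMPLE_PAGES.items():
        for finding in audit_page(url, html):
            print(finding)
```

Pages that return no findings either have no sensitive fields or already serve and submit them over https.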
What can you do?
If you rent a server with CloudVPS then we can provide an SSL certificate for your website. We offer different types: single-domain, multi-domain and wildcard certificates, with multiple validation levels (with or without a green bar with the company name in the address bar).
If you get a certificate from us, we will install it on the server if you want us to. We will also monitor the certificate for expiry.
All information on our certificates can be found on our website: http://www.cloudvps.nl/configurator/ssl/
You can also use Let’s Encrypt to get a free automated certificate. Let’s Encrypt is a service that wants to create a safer internet by making certificates easy and accessible.
Let’s Encrypt does require modern server software and manual installation of the Let’s Encrypt certbot software. Control panels like DirectAdmin and cPanel added support for Let’s Encrypt in recent versions.
Let’s Encrypt allows for automated certificate issuance and renewals, without manually requesting a new certificate every year.
If you want to know more about Let’s Encrypt for your website then don’t hesitate to contact us.