Starting this October 2017 the Chrome browser version 62 will start to mark all non secure web pages as “Not secure” in the browser address bar (ref). Is your website SSL ready?
Big web players such as Google, Amazon, Microsoft etc are all pushing for a 100% secure web.
That would mean every website connected to the internet would have an SSL certificate and rather than seeing HTTP in the browser you would always see HTTPS with the green padlock and the organisation’s SSL certificate confirmation.
Why is this important?
More and more daily activities and processes are being done online at an increasing rate, many of which involve personal and sensitive data.
The normal, insecure non-SSL, HTTP 1.1 protocol sends all your web page data, think any form or upload, in plain-text over the internet to a server.
Technically this data can be intercepted at any point along the line between your computer and the receiving server. Public WIFI hotspots, think McDonalds or your local coffee shop, are a favourite stomping ground for hackers looking to steal network data.
We’d rather not have any of our personal data fall into the hands of somebody seeking to share, sell or misuse it! It’s time to get secure.
Pretty much every hosting company will be able to set your website up for HTTPS by installing an SSL certificate onto the web server running your site.
Most of the hosting companies will charge for issuing and installing the SSL certificate but more and more companies are embracing Let’s Encrypt a free and open certificate authority.
That’s right – SSL for free!
If you host sites on your own server then there’s nothing stopping you installing the Let’s Encrypt agent and enabling HTTPS for all your sites. It even renews the certificate automatically on expiry so you don’t have to do a thing once it’s installed.
At Zero Point Development we run Let’s Encrypt on our nginx servers running HTTP 2 which requires all web pages to run on HTTPS.
If you’re still on the fence about implementing SSL on your site, please watch the Mythbusting HTTPS video from Google’s Progressive Web App Dev Summit 2016.
It covers four common “issues” that users perceive will happen when moving to HTTPS:
- My site’s not important enough for HTTPS.
- HTTPS will slow down my site.
- HTTPS will cost too much money.
- I can move my site to HTTPS, but what about the 3rd parties I depend on?
If you still have some questions over moving to HTTPS or SSL certificates let me know down below.