Tag Archives: SSL

Act Fast if Your Site Uses Certs from Symantec, Thawte, VeriSign, Equifax, GeoTrust or RapidSSL

HTTPS

In another issue, We’ve recommended that you should be running HTTPS, to protect your visitor’s interactions with you, and also to improve your ranking in Google search.  That’s still good advice.  However, HTTPS introduces some other complexities. One of them is the need to rely on a third party to issue the certificate that’s essential to running HTTPS on your site.  And what if that third party messes up?  We’re now learning what happens!

There have been multiple incidents of Symantec not following accepted industry procedures in the issuance of certificates.  Symantec is one of the largest issuers of certificates, so it tool a company the size of Google to stand up to them.  Symantec and other brands they own, listed in the title above, have been judged by Google to be not completely reliable.  So Google has established a time frame for ending Chrome’s support for these certificates.

What are the consequences of continuing to use these certificates as Google ends support for them?  Your visitors will see a security alert like the one at the top of the page.  That’s not what you want them to see!

There’s a good discussion of this issue in the WordFence blog, along with links to find the time-tables for nonrecognition of various certificates.

The Bottom Line

Check to see whether your site is using a certificate from Symantec or a Symantec company. If it is, make a change now.  If you’re using Dave’s Super Hosting Service, don’t worry, we don’t use Symantec certificates.

It's only fair to share...Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
Linkedin
Share on google
Google
Share on print
Print
protect your site with https

Let’s encrypt! It’s time for HTTPS.

What’s HTTPS?

HTTPS is the secure version of the HTTP (hypertext transfer protocol) that our browsers use to access Web sites, that your visitors use to access your own Web site. HTTPS protects communications between the client program that your visitor uses and your Web server, so that eavesdroppers can’t listen in, no one can tamper with data that’s transmitted, and your Web site data can’t be forged.  HTTPS allows your visitors to visit your site in privacy.

It’s growing in importance, and it’s time for you to adopt it, if you haven’t already, both because you owe it to your visitors and because not adopting it will impede your efforts to use the Web to promote your business.

Today’s Usage

Adopting HTTPS, which uses the SSL (secure sockets layer) protocol to communicate, so that it’s called either HTTPS or SSL, today will put you somewhat ahead of the crowd, except for financial systems and medical systems, which have widely adopted HTTPS.  However, HTTPS adoption grew by 80% last year, so its time has arrived.  Mozilla has reported that more than half of pages visited by Firefox now use HTTPS:

sites accessed by firefox using HTTPS

This doesn’t mean that half of all sites now use HTTPS; far from it, in fact.  This result is strongly skewed by the use of HTTPS for financial and shopping sites and by Google, which all together carry a significant portion of all Web traffic.

How to Convert

The mechanics of conversion have become less onerous now that there are low-cost certificates available, that are required for implementing HTTPS.  Most Web hosting companies can help out with the implementation; it no longer needs to be expensive or difficult to convert to HTTPS.  You’ll notice that my own site now uses HTTPS.

The method of conversion depends on how your hosting service is implemented and the technology that dellivers your site, so a discussion of that here wouldn’t be of much value.  Just understand that the technical work to be done is not difficult and shouldn’t be costly.

Why Convert?  Here Are Five Reasons

1. Protect your visitors’ privacy

Your visitors deserve to be able to visit your site in privacy.  In these days of ever-intrusive commercial data collection, HTTPS helps your visitors keep their private activity on the Web private.  Outside the US, of course, a visitor can fear exposure to the state of his Web activity.  HTTPS is a way of respecting our visitors.

2. Search engine ranking

Google has announced that the use of HTTPS is a ranking factor in your position in search engine results.  This can be viewed as a carrot–Google is offering better placement in search engine results for use of HTTPS, or as a stick–use HTTPS or suffer a penalty.  But however you see it, it’s real, and there are benefits to you from adopting HTTPS.

3. Browsers will mark HTTP as insecure

Today, browsers typically show a small lock next to the URL when HTTPS is used.  However, both Firefox and Chrome are preparing to mark HTTP sites as dubious at first, and then as insecure.  This is not something you want shown to your visitors!

4. HTTP/2

Finally, in 2015, the successor to HTTP/1 has been adopted, and HTTP/2 has many improvements, especially in performance.  For compatibility reasons, browsers will support HTTP/2 only over HTTPS.  If you want to benefit from the evolution of the Web, particularly performance improvement when delivering data-heavy sites, you need to adopt HTTPS.

5. iOS and Android compatibility

iOS 9 has a strict requirement for HTTPS, and Andrioid M has a less strict but still real requirement.  If you intend to deliver content to iOS and Android smartphones, in the future you’ll have to use HTTPS, so changing now makes sense.

Dave’s Super Hosting Service

If you’re using Dave’s Super Hosting Service, don’t be concerned.  All the sites are being converted to HTTPS, using my own site as a test vehicle.

The Bottom Line

The first reason given, which is respect for the privacy of your visitors in this era of unprecedented snooping on all of us, is reason enough.  But if you add the second and then third reasons, it’s clear that you need to get on with it and adopt HTTPS if you haven’t already.

 

 

 

 

 

It's only fair to share...Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
Linkedin
Share on google
Google
Share on print
Print