Have you noticed this icon?
It’s official, Google Chrome is now marking all sites without an SSL as “not secure.” If you are using the Google Chrome browser, look carefully next to the URL or web address in the address bar.
You may see one of these three icons:
- Secure: Information sent through the website is protected.
- Info or Not Secure: Information sent through the site is not private or protected. It is possible for someone to see and/or modify information you may choose to send through the site.
- Not Secure or Dangerous: Google suggests you proceed with caution!
It is recommended to be extremely careful with any private or personal information you choose to share on any website flagged as Not Secure or Dangerous. It may be best to avoid the site entirely, especially if the site asks for login or payment information. In addition to this icon next to the URL or web address, you may see a full-page warning screen warning, which indicates that Google has flagged the website as being unsafe through Google’s Safe Browsing service.
Please note, even if you see the Secure icon, it is good to always be careful about what Private information you choose to share. Also, if you arrive at a website through a hyperlink (instead of typing in an address directly into the browser’s address bar) it is good to double-check the URL or web address to make sure you are actually on the website you intend to visit.
Stay with us, to learn more about SSLs and which one is right for you:
- If your website is secure
- How SSLs work
- Which SSL is right for you
- Purchasing and Installing an SSL Certificate.
- Getting help with an SSL
Is your website secure?
When you visit a website with the Secure icon, it means that website is protected by using a security protocol to encrypt the information exchanged between the web browser you are using, and the web server the website you are visiting is stored on. This type of technology is known as SSL (which stands for Secure Sockets Layer) and helps to ensure that all data sent from your browser to a web server is protected through encryption. An SSL certificate is required to make this happen.
SSL certificates are installed where a website is hosted. In order to obtain a certificate, the web host must provide specific details, such as the domain name for a website, name of the company associated with the website, address (city, state, and country) for the company, and more. Once activated, a certificate contains a series of cryptographic keys (a Private Key and a Public Key). The submission of a CSR (Certificate Signing Request) is also needed and is placed in a data file which has all the details as well as the Public Key. All of this is validated by the CA (Certification Authority), and when authentication is successful, a protected, secure link is established.
How does an SSL work?
The process through which an SSL works is known as the SSL handshake:
- When you visit a website, the web client (browser) checks to see if there is an SSL certificate for the website you are visiting. — This starts the communication process.
- If there is an SSL, the server sends back the encrypted public key/certificate for the website.
- The web client checks the validity of the certificate, and if it checks out, sends an encrypted key back to the server. (If it doesn’t check out the communication fails, and the browser will indicate the insecure connection with a warning.)
- The host (server) for the website then decrypts the key and delivers the encrypted content with the key to your browser (web client).
- Finally, the client decrypts the content and completes the process.
Which SSL is right for you?
There are different kinds of SSL certificates. For most, a standard SSL certificate is what is needed. However, exactly which one you should have depends on the requirements of your website and the industry you are in. For example, finance and healthcare related industries have specific industry requirements for SSLs. Also, the situation may depend on whether you have more than one website on the same domain, such as with multiple sub-domains, where a Wildcard SSL would be the best choice to protect all domains involved.
The cost of these SSLs may vary, and each may have renewal costs as well. It is important to note that SSLs have expiration dates, and must be renewed/re-installed prior to their expiration to avoid uninterrupted encryption.
Purchasing and Installing an SSL Certificate
SSLs may be purchased from a variety of third-party providers but must be installed where your website is hosted. We recommend purchasing an SSL from your website hosting provider (if possible). We find more often than not, it is easier to install when purchased from them directly, as they usually provide detailed instructions and/or documentation to walk you through the steps of proper installation and setup per the specific requirements of the server environment your website may be hosted on.
Our general process is as follows:
- Purchase SSL
- Activate the certificate
- Install the certificate
- Check URL or web address redirect settings
- Update website code to use https://
Once an SSL is installed, the URL or web address of your site changes from using an unsecured protocol (http://) to a secured protocol (https://). It is important to double-check the domain hosting settings for your website, and establish any necessary redirects, so in the event a visitor attempts to go to your non-secure (http://) address, they may be automatically redirected to the new secure (https://) address.
Lastly, after the SSL is installed and redirects established, it is important to review the site carefully and be sure there is no mixed content in your website code. Mixed content occurs when the web code calls for the loading of assets (videos, images, stylesheets, scripts, etc.) using an unsecured protocol (http://) instead of a secured protocol (https://). Having mixed content on your website means it cannot be secured, and will likely result in security alert notifications for visitors (especially when using the Chrome web browser).
Checking to make sure your SSL is installed correctly is easy. There are a variety of free tools available to help you diagnose any issues with your SSL certificate installation, and also to verify that the certificate has been installed correctly on your web server.
Here are a few tools we use often:
Need help with an SSL?
Having an SSL on your website has favorable results for users of the Chrome web browsers, and also may improve Google search engine rankings. Most important, by securing the transfer of data through encryption, you bring credibility to your website and protect your visitors.
Side note: An SSL is very important for building customer trust and SEO in 2019.
Thrive Can Help
Properly installing an SSL is just one of the many ways we help secure websites for our small business owners. If you’d like our help, give us a call at 931-221-4991, or click the link below to get started!
Posted In: News