Google & HTTPS

Written by clickonIT - Hosting, Security - No Comments

Google has announced that as of 1 July 2018 its Chrome browser will flag websites defaulting to HTTP protocol as “not secure” (https://blog.chromium.org/2018/02/a-secure-web-is-here-to-stay.html). Sites defaulting to the “secure “HTTPS” protocol will be shown as secure.

The impact on website owners will be significant. Visitors to “not secure” websites may understand the “not secure” message to mean that their own digital security is at risk and immediately navigate away resulting in lost traffic and opportunity. Since Google Chrome is reported to have 69% of the browser market, the audience that will be exposed to these security messages is huge. It is important that website owners understand the consequences if not the technology and take appropriate action to deflect the potentially negative impacts.

HTTP has been the standard protocol for website transmission since the beginning of the WWW. HTTPS is a protocol that utilises Secure Sockets Layer (SSL) encryption. This technology adds another level of security to web communication. SSL is implemented by the use of digital security certificates. It has many variations from simple to highly sophisticated encryption and the added complication of authentication of teh encryption certificate owner and issuer.

As usual, all is not as simple as it first appears. To start with the value of perceived additional security is open to question as it is point-to-point only. Data security on the servers and receiveing computers is unaffected and therefore as secure or insecure as it ever was. All data sent across HTTPS channel must be covered by the security certifcate leading to problems with sites that pull content from any other sources, or which operate through caches, firewalls or content distribution networks. Such content will almost certainly produce security notifications that are even scarier that the “not secure”.

What can be done to minimise negative effects of this change by Google?

Firstly, all sites hosted by clickonIT.com.au have been provided with a generic SSL certificate issued by cPanel. cPanel is the foundation technology behind all clickonit websites. This means that you can immediately start using the secure protocol (https://www.xxyourdomainxx.com) without any further action on your part. This service has been in effect for some months now and is provided completely free of charge in your hosting package.

Depending on the nature and configuration of your website, using the HTTPS protocol may generate error messages, for example if you are using a caching service or CDN as mentioned above. If you use a content management system (CMS) such as WordPress you may need to make some adjustments to your site configuration to ensure that it functions without errors. Your website developer will be able to help you get your site in order.

The other important matter to consider is that while the generic security issued as a free service is valid and authentic, it does not identify your business as the owner of the website it is associated with. This aspect will affect sites that conduct online business more than others just providing information. It also explains why you will see SSL certificates offered commercially. These SSL certificates perform the same (or better) levels of data encryption and also provide reliable authentication of your business identity. This can be reassuring for your customers particularly if you are asking them for payment details online. There are many different levels of SSL certificate ranging in cost from tens to thousands of dollars per year. A custom SSL certificate requires you to have a unique IP address and manual assistance to install which is a (small) additional cost per year.

Website Owner Action

Most website owners will need help at two points;

  1. Getting their existing website to function without errors using the free SSL certifcate provided by clickonIT. Contact clickonIT to sort out your SSL solution.
  2. Choosing the most appropriate custom SSL certificate and having it installed on their existing website, and making any adjustments required to operate without security errors. Contact clickonIT helpdesk for a free review of your website with recommendations.

With over 30 years experience in providing online information services clickonIT has the knowledge and resources to deliver a quality result at a reasonable price.

clickonIT offers a range of custom SSL services bundled with dedicated IP and installation services. Contact us about your situation now…

Comments are closed.