UPDATE! On February 8th Google announced on their blog they’re going to start alerting in July 2018 for non-SSL sites. Get your SSL today!
As TLS and SSL set a new benchmark for securely browsing the internet, devices and web browsers are equally raising the bar for presenting users a safe experience. As part of this effort, Google Chrome now displays a “Not Secure” warning in the web address bar when users visit a website without a valid SSL certificate. In the current version of Google Chrome (v63), this warning will only appear when entering information into a form, or if the browser thinks you’re trying to submit any type of secure information like login names and passwords. This warning will eventually occur on any HTTP page, but no timeline has been established.
What’s the difference between HTTP and HTTPS? What is the importance of TLS and SSL?
HTTPS encrypts the communication between a web server and the browser. By browsing via HTTPS (using TLS/SSL ciphers), we can prevent interference and intrusion such as injected advertisements and stolen data like passwords or credit card numbers. Any traffic sent unencrypted can be read and even modified by anyone between you and the website.
Learn more: Why HTTPS Matters – Google Web Fundamentals
What will users see if they try and browse via an insecure HTTP connection?
At this current time, Google Chrome browsers will be prompted that their connection is insecure any time the browser thinks you’re sending or receiving sensitive information. The warning may not appear immediately when browsing to a website. For example, when trying to log in to a website over HTTP, the browser will warn the user via the address bar only after the login field has been selected.
Want to see how your browser reacts to a variety of insecure situations? Check out the Chromium Project’s testbed: https://badssl.com
While a safer browsing experience is important to all users of the internet, there are some hosting providers and website owners that this will impact more than others. For example:
- Companies that transact some form of online business on websites without HTTPS – We never recommend any form of business transaction to take place over insecure HTTP, and this warning message will remind your customers and shoppers that you’re putting their information at risk.
- Companies with a mix of HTTPS and HTTP – While not all information needs to be transmitted securely, employing a mix of HTTP and HTTPS can cause issues with testing your content, adds room for error for failing to encrypt secure information, and may cause similar errors in the future as browsers become more strict for mixed security content.
A cPanel certificate will solve this issue – but not all certificates are the same!
A Domain Validated (DV) SSL certificate from cPanel will provide the encryption level necessary to give you HTTPS, earn a padlock symbol, and avoid the “Not Secure” warning. This is the baseline protection that will ensure your communication with your users is encrypted.
In addition to Domain Validation, cPanel offers a variety of SSL certificates including Organizational Validation (OV) and Extended Validation (EV). By selecting the top-tier Extended Validation, your certificate acquisition goes through additional checks to make sure your organization is legitimate and being properly represented. Choosing Extended Validation rewards your website with a company name badge dictating the most secure experience currently offered on the web.
With multiple options for SSL certificates, the addition of AutoSSL, and our partnership with Let’s Encrypt and Comodo, cPanel has been helping make the web more secure each and every month. We’ve seen a huge increase in the number of secure websites and hope to see the trend continue throughout 2018 and beyond.
Want to know more about how to enable additional SSL features for your users and get extended validation? See our blog post about cPanel & WHM’s certificate options or check out our technical documentation on the SSL TLS Wizard. Have feedback on how we can make your browsing experience more secure? Leave a comment below!
Photo illustration CC BY-SA 2.0 www.bluecoat.com.