HTTPS Is Coming to a Site (Very) Near You

Submitted by brian beam on Mon, 10/17/2016 - 14:42

I wanted to take a minute to let all of CommandB's clients know about some important security-related changes coming from Google. You may have heard about Google's increasing efforts to move all websites to using secured connections via HTTPS. In short, here's what's happening...

Currently, if a site is secured via HTTPS, then a padlock appears in the URL bar along with a green "https" next to the URL which most users have learned to associate with a secured website.

CommandB.net | HTTPS indicator

If the site is NOT secured with HTTPS, then Google Chrome displays a neutral "info" icon next to the URL. If you click on this icon it tells you that the connection to the website is not private.

CommandB.net | Chrome - No HTTPS

At some point in 2017, Chrome will replace this neutral info icon with a red warning triangle in order to alert users that the site is not secure. Firefox is currently doing something similar and it's very likely that all web browsers will eventually follow Google's lead.

CommandB.net | Google's ultimate HTTP warning

Perhaps more importantly, in addition to these browser-based warnings, Google has begun favoring sites served with HTTPS in their search results. If high Google search ranking is important, then adding HTTPS to your site can be critical to maintain your current level of visibility in Google.

Because of these upcoming changes, I'm recommending to all of my clients to begin serving their websites under HTTPS. This can be done a couple of ways:

Commercial SSL Certificate

There are two types of commercial SSL certificates:

  • A standard domain-validated certificate only requires that the person requesting the certificate demonstrates control of the domain. This is the most basic type of security as it simply lists a green "https" in the browser's URL bar.

CommandB.net | Chrome HTTPS

  • An extended validation certificate requires that the organization undergo a background check to ensure that they are legitimate. These take longer to issue and are more costly, but they inspire added confidence by adding your company's name to the green https indicator in the URL bar.

CommandB.net | Chrome HTTPS Extended Validation EV

Let's Encrypt SSL Certificate

Let's Encrypt is a non profit initiative whose purpose is to increase security on the Internet by making standard domain-validated SSL certificates affordable for all website owners. There is no cost for a Let's Encrypt certificate; just the labor to set it up and manage the ongoing renewals.

CommandB's Recommendation

Obviously, the Let's Encrypt option is much more cost effective and it's the solution that I recommend in most cases. (It's the option used on this website.) However, for those who prefer the added "credibility" that a commercial certificate provides, then you may feel that it's worth the added cost. Either option will encrypt your website traffic and will keep Google happy.

Of course, the third option is to do nothing, but I really can't recommend that based on the direction the Internet is headed.

Please get in touch if you have questions; I'll be happy to answer any other questions you may have and provide a cost to enable whichever option you prefer.