Are you ready for Google’s SSL apocalypse?
posted by Bob Mills
In the next few weeks, Google’s Chrome web browser will begin displaying alert messages on websites and web pages that are not secured by an SSL Certificate. For anyone who doesn’t know what that is, an SSL Certificate is the thing that turns your garden-variety HTTP website into an encrypted and secure HTTPS site.
Until now, most people didn’t need to worry about having an HTTPS website unless they were collecting sensitive information from visitors or they had an online store. However, now that Google’s popular web browser will be issuing warnings, there’s plenty to worry about if your organization’s website is not secure. For one thing, the warning alerts that appear in your website address bar, and which may also appear in pop-up alerts, will be a sure-fire deterrent to many of your visitors and potential customers. After all, who wants to open a web page that Google says is “not secure”?
At Pier 8 Group and Digital Bees, we’ve been busy upgrading our own websites and those of our clients to the secure HTTPS platform. In some cases this is a simple process; in others, not so much.
Installing the SSL
There are a number of problems that can occur during the installation process. One of the more common issues has to do with “mixed content”.
When you install an SSL Certificate it should protect all of your website’s pages. However, it can’t protect a page that has files and images with HTTP addresses, or content that’s been imported from another site whose pages aren’t secure. This can lead to a situation where you get the “Secure Padlock” on most of your pages, but not those with “mixed content”. If you’re a WordPress user, there are plugins to help you resolve the issue, but you may still have to search and replace files that have an HTTP address, or re-upload some of your images.
Moving from HTTP to HTTPS also requires moving your site to a secure server – which means your domain name will have to be repointed to that server. You’ll also want to check to see that your DNS mail records are properly updated too. That doesn’t always happen automatically, resulting in a “server not found” message when you try to retrieve your mail.
What Does It Cost?
The cost to purchase and install an SSL Certificate varies – anywhere from free up to about $200. While it’s possible to install the certificate yourself, I would strongly recommend you contact your web host or website developer to help you through the process.
SSL certificates must be renewed annually, which will probably run you about $50. Some companies offer free SSL as part of their web hosting package, but if your website doesn’t have it now, that probably doesn’t apply to you.
Going SSL has several benefits. It increases consumer trust by demonstrating you care about the security of the information they may share on your website. It also keeps you good with Google, Microsoft and Apple, who are trying to make the internet more secure. Plus you’ll avoid the dreaded “Not Secure” warning that will otherwise be tagged to your site.
As an added bonus, you’ll also be rewarded by getting a boost in Google’s search engine results, potentially driving more traffic to your website. For any business that relies on the internet to generate leads and get customers in the door, the latter alone is a big incentive to make the transition to SSL.