“NOT SECURE!” Chrome now enforcing HTTPS connections
“NOT SECURE!” Google’s Chrome 56 is now penalising websites with non-secure HTTP connections. Websites requiring users to transmit credit card information and passwords must be using a SHA-2 SSL certificate. If you haven't gotten around to buying (or updating) your certificate, there is simply no reason to put it off any longer.
What is HTTPS?
The time has come and gone for HTTP (HyperText Transfer Protocol), once the standard protocol used to exchange information on the Internet. As of last month, Google is providing users with a clear visual warning that the HTTP site on which they are about to share passwords, payment information, and other personal information is non-secure. Until now, Chrome has not explicitly alerted users to the fact that an HTTP connection is non-secure, a fact users may or may not have been aware of.
In fact, for some time, Google has been educating the public about HTTP security problems, encouraging more sites to adopt HTTPS (HyperText Transfer Protocol Secure). HTTPS one-ups HTTP as it encrypts end-to-end all information sent and received over a website, securing and protecting users from criminal interference. Bank account information, personal details, user names, and passwords can all be encrypted. Even domain names are encrypted so no one can see what site a user is visiting.
HTTPS requires the use of an SSL (Secure Sockets Layer) certificate so that only the sender and recipient can make sense of the “code” used to encrypt information. Users are alerted to the fact that a site employs an SSL certificate because they see in their browser a padlock, green text, and the HTTPS protocol.
Why HTTPS with SHA-2?
Google’s embrace of HTTPS is part of a larger effort to create a more secure Internet. The company made the announcement in 2014 that it would remove support for SHA-1 SSL certificates in Chrome 56, which was released at the start of 2017. (Mozilla and Microsoft have similarly announced their own SHA-1 depreciation cut off dates.)
Because SHA-1 certificates have long been considered weak, increasingly susceptible to hacking, HTTPS sites which make use of SHA-1 are no longer considered trustworthy in Chrome. SHA-1’s successor, SHA-2, is considered superior as it delivers stronger online security.
Which SHA-2 SSL certificate is right for you?
EuroDNS offers four different SSL certificates, all of which are:
- Easy to set up and cost effective
- Supported by Google Chrome
Our certificates provide different levels of security and are designed to meet our customer’s unique needs:
SSL Certificate #1: Alpha
- Configures a single domain name and provides basic security
- Free with every domain name registered with EuroDNS
SSL Certificate #2: Domain Validation
- Configures multiple domain names operating on different IP addresses
- Works on domain names registered with EuroDNS or other registrars
SSL Certificate #3: Organisation Validation
- Provides a higher level of authentication
- Domain name ownership confirmed by Certificate Authority (CA) GlobalSign, the globally renown WebTrust authority with whom EuroDNS partners
SSL Certificate #4: Extended Validation
- Delivers the highest level of encryption security
- Recommended for high-level profile websites – big name brands, government entities, and financial institutions
A wildcard option is included with Alpha, Domain, and Organisation certificates, which means you can use the certificate on an unlimited number of subdomains and servers.
Secure your site with SHA-2!
We invite you to get in touch with us if your HTTPS site is currently using an SSL certificate with SHA-1 and/or you aren’t sure which level of security is right for you. We’re happy to walk you through the hassle-free process of transferring to one of our SHA-2 certificates.
The last thing you want is for your website visitors to be greeted with the message “NOT SECURE”. So don’t delay. Get in touch with us today!