Posted on August 7, 2018
On July 24th, Google officially launched Chrome 68.
With new features and security enhancements, Chrome continues to leverage its market dominance to push for a safer and more secure internet.
From the beginning, security has been one of Chrome’s core principles and one of the biggest changes in Chrome 68 is displaying ‘Not Secure’ warnings for websites not encrypted with HTTPS.
Nearly two years ago, Google announced that Chrome would eventually start marking all sites that are not encrypted with HTTPS as “Not Secure” as an attempt to motivate site owners to improve the security of their websites. With the release of Chrome 68, this has now become a reality.
Starting in October 2018, Google plans to start showing a red “Not Secure” warning when users enter data on pages that are not served using HTTPS.
Google made the importance of HTTPS as a ranking factor known to webmasters at the back end of last year. SSLs are increasingly important in building your web presence and more and more sites are rightly adopting HTTPS as standard. Webmasters are clearly keen to respond to Google’s suggestions, while searchers will no doubt be increasingly aware of security issues..
Earlier this month, Google’s Webmaster Trends Analyst Gary Illyes revealed that the search giant is looking at further boosting the ranking of secure login pages, giving HTTPS even more importance. So a secure site is a ranking factor, but he also explained that SSL needs to be implemented properly.
Speaking at Search Marketing Expo West in San Jose, USA, Illyes suggested that Google may soon highlight in search results sites that have broken security certificates. That could mean savvy searchers avoiding flagged sites altogether making working SSL certificates essential to maximise traffic to your site. He did however, stress it is only an internal experiment he is working on, but that it was mentioned at a public event suggests that it is an idea growing in strength.
What is a broken SSL?
Very often, just a small oversight is to blame. Commonly, items – such as an image – are referenced on a secure page but that item is not located in a secure location, which breaks the secure enclave. Two of the most common issues we often find with customers is the Private Key not matching the Certificate and sometimes a certificate authority (CA) being wrong for the Certificate signature. These are often simply administrative errors that are easily solved, but only if you know about them. So making sure your SSL works correctly should not only be a task when you install a new SSL certificate but also a routine maintenance check. Time well spent for the reassurance that all is well with the security of your website.
How can I check if my SSL is broken?
There are a number of sites that provide checker tools that can help you determine if your SSL is configured correctly. For example the 123-reg SSL partner GlobalSign provides a simple SSL checking tool that runs in minutes once you have input your URL. Click the image below to check your SSL on the GlobalSign site.
How do I get an SSL certificate for my website?
It’s always best to contact a web hosting company to secure an SSL certificate for your website and to ensure its hosted on a secure server. All of the big names such as GoDaddy, 123 reg and 1and1 sell them, you may think we are biased, however honestly is even easier to purchase on from a smaller hosting company like ourselves. One of the main reasons for this is you can avoid waiting on hold for long periods of time to speak to call centre staff whose expertise in the area is often questionable.
Is it easy to get an SSL certificate?
Don’t be fooled into thinking this is a complicated process, unfortunately like anything that increases in demand SSL certificates are being mis sold, with business owners being exploited. Since the new GDPR updates on the 25th of May 2018, I have personally come across more UK website hosting companies (add link to your HP or hosting page) and other online businesses exploiting business owners with the way they are monetizing the supply of SSL certificates.
DevonWebs make buying an SSL certificate as simple as it should be, offering a transparent service at competitive UK rates.
How much is an SSL certificate in the UK?
The prices differ depending on the company and the type of Secure Sockets Layer your website needs. There are 3 different types of SSL certificate available in the UK which offer 3 levels of user trust. You have domain validated (DV SSL), organisation validates (OV SSL) and extended validation (EV SSL) each one has different purposes, (I will expand on this later / great chance to expand the page word count and go into great detail see https://www.globalsign.com/en/ssl-information-center/types-of-ssl-certificate/) DevonWebs will make sure your business gets the right one for your website and can explain in further detail when you contact us (add link to contact us page)
DevonWebs includes a free DV SLL part of any of our hosting packages, £60.00 for a OV SSL and £135.00 for the EV SSL version.
Types of SSL Certificate
Domain validated or DV certificates are the most common type of SSL certificate. They are verified using only the domain name. Typically, the CA exchanges confirmation email with an address listed in the domain’s WHOIS record. Alternatively, the CA provides a verification file which the owner places on the website to be protected. Either method confirms that the domain is controlled by the party requesting the certificate.
Organization validated or OV certificates require more validation than DV certificates, but provide more trust. For this type, the CA will verify the actual business that is attempting to get the certificate. The organization’s name is also listed in the certificate, giving added trust that both the website and the company are reputable. OVs are usually used by corporations, governments and other entities that want to provide an extra layer of confidence to their visitors.
Extended validation or EV certificates provide the maximum amount of trust to visitors, and also require the most effort by the CA to validate. Per guidelines set by the CA/Browser Forum, extra documentation must be provided to issue an EV certificate. As in the OV, the EV lists the company name in the certificate itself, However, a fully validated EV certificate will also show the name of the company or organization in the address bar itself, and the address bar is displayed in green. This is an immediate, visual way that viewers can know that extra steps were taken to confirm the site they’re visiting – which is why most large companies and organizations choose EV certificates.
Where to buy an SSL certificate UK?
As mentioned above we can give you the best price to buy an SSL email email@example.com or call 01271 320963 to purchase your SSL today.