Network ServicesWeb DevelopmentMobile AppsSoftware Development

TeamViewer QuickSupport
Home About Us Clients/Testimonials Certifications Blog Newsletters Upload/Download Chat

January 2017 Deadline for Securing your Website with HTTPS

November 17, 2016

Almost all websites accepting credit cards now have proper certificates in place to serve the site securely via HTTPS, which shows the “lock” icon in your browser address bar. If you don’t see the lock icon in your browser, never provide any sensitive information.

Google has been pushing stricter security standards over the past year or so and we’ve upgraded all of our customers’ certificates to use stronger keys to avoid Google’s security warnings.  But farther-reaching changes lie ahead for HTTP requirements…

What is HTTPS and why do I need it?

Secure sites start with “https://” rather than “http://” and protect your transmissions by encrypting data with a pair of public and private keys.  Your browser uses the certificate’s public key to encrypt data transmitted and decrypt data received from the server.  The web server, on the other hand, uses the private key to decrypt data received and encrypt data sent to the browser.  Since the Internet is a huge network of servers and Internet Service Providers (ISPs), your request never goes directly from Point A to Point B, but is routed between dozens of points in-between.  These intermediary points lack the public key to decrypt data, so your transmission remains private.

How is Google changing their security warnings in January 2017?

Starting with Chrome 56 (to be released Jan 2017), Google will warn users when a site is not secure if the page is asking for credit card information or passwords.  This will affect things like company intranet sites (rep portals, employee-only pages, etc.) if no certificate is installed.

chrome56

Eventually, all non-HTTPS sites will display the warning seen below as the push toward a more secure web continues.

chrome-eventual

It’s never too early to secure your website and HTTPS should not be ignored just because it’s not yet a hard requirement.  Depending on the number of websites you run, it may be more cost-effective to purchase a 5-domain SAN (Subject Alternative Name) certificate or a “wildcard” certificate that can be used across unlimited servers and sites within your domain (www.example.com, reps.example.com, mail.example.com, shop.example.com, etc.).

We’d be happy to discuss this requirement with you and help you choose the best certificate to secure your online presence.

Recent Posts

Archives

Categories