What is SSL? Why is the website not safe anymore?
26 Jan 2017
What is SSL? Why is the website not safe anymore?
Version 56 of the popular browser Google Chrome is here and more and more users are getting the update.
Why should you care about this? Well, just like Google said in their blog months ago, Google Chrome will from now on show a warning on webpages that handles logins or credit card information and not using SSL.
What is SSL?
SSL is a technique used to encrypt traffic on the web, between web server and web browser. In a little more detail, if you for example login with username and password on a site not using SSL, then anyone who have access to follow the traffic on your current network can easily see your user information. With SSL, this is encrypted and therefore useless (of course assuming the encryption is not broken).
So what does this look like in the browser?
Two examples below, one is from SF’s “bioklubben” which does not use SSL and now gives a warning “not secure” (“inte säker” in swedish as in the screenshot). It should be noted that SF do use SSL when handling ticket bookings and purchase. The other example is the login page of our client internalDesk.
Bioklubben at sf.se
Red Onion's client internalDesk
Do I need SSL?
Pages with login where it now says “not secure” are not less secure than before, it’s “just” that Google Chrome has started showing this warning. So you do not need to worry about your site becoming less secure, however it might be a wake-up call if you are running a website that should be more secure.
If you have any type of service where users can register and should be able to feel safe that their personal information is secure, then it can be a good idea using SSL. If you’re just showing some information about yourself or your company, then there’s no need to panic at this point.
In addition to the security, using SSL gives slightly better ranking on Google searches, so if you want to maximize that, this is another reason to use SSL. The effect of this is however currently small.
In the future, likely all pages, not only pages with login or credit card information, will give a warning in Google Chrome (as they write in their blog)
Do you need to use SSL on your website? It’s likely that you can add that via a control panel on your server. Worth knowing is that when switching, it may be required to do some small changes on the site, for example no content can be linked in without SSL (i.e. using just “http”) to make sure the browser labels the page “secure”. It’s even so that e.g. JavaScript simply will not load if it’s linked in via http if the page is using SSL. On many webpages all those links are relative and you may not need to change anything to get it to work.
When everything is working, you might also want to add the code below to your .htaccess file, to make sure all the users are directed to the encrytped (https) version of your site.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
If you’re uncertain on what to do, feel free to contact us – we’re happy to help :).