In 2016, Google announced that part of their plans with the Chrome browser was to push for a ‘more secure web’. And October onwards, all sites that do not have an SSL certificate will be tagged as ‘Not Secure’ on Chrome. Google says that it believes having an SSL certificate/HTTPS status should be the default state for websites. It logically follows, of course, that Google is also removing the ‘secure’ tag from sites with SSL certificates from mid-September.
HTTPS (Hyper Text Transfer Protocol Secure) helps in protecting the confidentiality of users’ data. An unencrypted page is vulnerable to eavesdropping by hackers intercepting communication between users and the website. Websites which have login pages and store sensitive data are at a greater threat.
Market reports suggest that Google Chrome has close to 60% global share, and therefore it makes sense for website owners to upgrade their sites if they haven’t already. Apart from the technical aspect, a ‘non-secure’ tag could be a deal breaker for customers when making transactions and on the whole spell PR disaster for firms.
Luckily it is easier than ever before to get an SSL certificate. While domain registrars and hosting providers have been offering SSL certificates for a long time, today it is possible to get one for free.
Let’s Encrypt (letsencrypt.org) is a Certificate Authority that offers SSL certificates for free. It is run by the non-profit Internet Security Research Group and counts firms such as Cisco and Facebook as sponsors and donors.
It utilizes the Automated Certificate Management Environment (ACME) to automatically deploy free SSL certificates that are trusted by nearly all major browsers. No surprise then that it has issued over a 100 million SSL certificates so far.
It has a simplified process to get you up and running with or without shell access to your web server. Check it out at https://letsencrypt.org