10-07-19Global River News

Jon Hassett

Director

Jon@Global-River.co.uk

Tel: 01606 782815Mob: 07738 289309

Read more posts by Jon

This article was posted 5 years ago and is filed under Global River News.

We design and build stunning, easy to manage websites that don’t cost the earth. A range of Search Engine Optimisation, and Digital marketing tools and services do the rest. Our business, is growing yours!

Why is my website showing as not secure?

We are now getting a steady stream of customers asking us “Why is my website showing as not secure”, so we wrote this article to help! In July this year (2018), Google Chrome began to display warnings for websites that it deemed insecure;

This new notification is now displayed on any website without an SSL (Secure Sockets Layer) certificate (https). SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. Typically, SSL Certificates bind together:

• A domain name, server name or hostname
• An organisational identity (e.g. company name) and location.

If an organization installs the SSL Certificate onto its web server it will initiate a secure session with browsers. Once a secure connection is established, all web traffic between the web server and the web browser will be secure. As pressure on organisations to remain secure increases Google will be penalising non-secure website by displaying the ‘Not Secure‘ sign.

Types of SSL Certificate

There are three main levels of validation provided by an SSL certificate; Domain Validation, Organisation Validation, and Extended validation.

Domain Validation

This is the lowest level of validation available and it simply verifies that the organisation has control over the concerned domain. For our customers we can set this form of SSL Certification quickly and easily on our UK Fast server having already pointed the Domain name to that IP address. As a basic level of security that will reduce the chance of hackers hijacking the connection to the website and stealing any useful information such as login details.

Organisation validated SSL Certificates

Organization Validated SSL Certificates offer a slightly higher level of Validation. The Certificate Authority, usually the company you purchase the SSL Certificate from (e.g. 123-Reg or Go Daddy etc), investigates the organisation making the application, though not very deeply. They will contact the organization to make sure it is authenticated. The Certificate Authority validates the ownership of the domain along with organization information included in the certificate like name, city, and country. This tends to take a few days and involves the Global River team (if involved) creating and copying a series of keys on to our server for you to set the certificate up.

For any websites with a secure login, we would recommend protecting the site and it’s users with at least this level of SSL Certificate.

Extended Validation Certificate

The strictest type of SSL certificate, the CA validates the ownership, organisation information, physical location, and legal existence of the company. It also validates if the organisation is aware of the SSL certificate request and then approves it. Documents are required to certify the company identity along with lots of checks. This takes a few weeks and will involve the purchase of a certificate from a registered provider such as Verisign or GlobalSign.

Global River can again install the certificate for you. This level of SSL Certificate delivers a green address bar with company’s name, and is recommended for all E-Commerce or transactional websites.

For Global River customers, we will be recommending everyone have at least the Validation Level SSL Certificate. We will undertake this for £30.00 + VAT. If you are not yet a Global River customer we may still be able to help.