Starting July 2018 with the release of Chrome browser version 68, Google Chrome will start marking all HTTP sites with a “Not secure” badge, even those that don’t deal with sensitive customer data. Google has been encouraging websites to move from HTTP to HTTPS by boosting them in its search results, and now it’s trying to accelerate this shift by tightening up its regulations. In the future, Google plans to flag potentially unsafe HTTP sites with a red triangle security indicator, which is presently being used for broken HTTPS sites.
Why do websites need HTTPS?
Both HTTP and HTTPS are communication protocols that are used to transfer information over the web. While the former sends data in plaintext, the latter encrypts the data as it’s transferred. So if your website runs on HTTP, it means that anyone who intercepts the connection can easily steal your customers’ data. HTTPS, on the other hand, can still be intercepted, but the information will be safely encrypted and unreadable.
How to switch to HTTPS
On the surface, switching to HTTPS is pretty easy. All you need to do is:
- Purchase an SSL certificate for your domain.
- Install the SSL certificate on your web server.
- Monitor its usage, and renew the certificate before it expires.
It may seem like this shift is simple, but in reality, it requires a lot of work from your administrators. This task is especially daunting in larger organizations that maintain a number of domains; administrators will have to juggle with scores of SSL certificates, monitor them continuously for usage and expiration, keep track of the endpoint servers to which they are deployed, and ensure timely renewals before the certificates expire. Expired SSL certificates can cause browsers to throw security errors when users access your website, which may be damaging to your brand, or worse, could lead to a security breach.
Taking care of HTTPS migration is easier said than done. Organizations looking to make the switch to HTTPS need a solution that can completely centralize and automate the management of SSL certificate life cycles.
If your organization is planning to transition, check out Key Manager Plus, our web-based SSH key and SSL certificate management solution. Key Manager Plus helps you centrally acquire, consolidate, deploy, track, renew, and audit the entire life cycle of SSH keys and SSL certificates. It provides complete visibility into your SSL environment and automates all SSL certificate management-related operations.
Click here to download Key Manager Plus.