Website security is undergoing major changes. The changes are comprehensive and will affect all websites using HTTP.
The changes have been implemented gradually and the “final” date has been moved several times, but according to Google (8th of February 2018) you will need to make your website secure by the beginning of July. If your website still uses HTTP after this, your visitors will see this when using Chrome:
HTTP has been used for many years, but it has a major flaw. All data transferred via HTTP can be stolen or manipulated because it is not secured.
HTTPS is secured and ensures all data transferred is encrypted and protected. We can therefore understand why web browsers will now require the use of HTTPS as standard.
Besides protecting and encrypting the data, using HTTPS gives up to 5% increased visibility in search engines and more options for your mobile website. HTTPS also enables the use of HTTP/2, which provides 20-30% faster page load compared to HTTP.
How do I get HTTPS?
In order to get HTTPS your website needs to have an SSL certificate. Choosing the correct SSL certificate can be confusing. We recommend reading “SSL certificate – how to choose the right one”. Please do not hesitate to contact us and we will help you choose the right SSL certificate for your website.
Symantec is one of the world’s leading certificate authorities (CAs) and has now entered a collaboration with DigiCert. In the fall of 2017 the two partnered to form the world’s leading CA.
If you haven’t heard the exciting news, Symantec, the world’s foremost Certificate Authority, is now powered by DigiCert, another industry titan. This past Fall, Symantec and DigiCert went into business together and formed the most powerful Certificate Authority in the world.
We know you’ve probably got a lot of questions. So here’s a quick explanation of why this happened, what to expect and when you’ll start to see changes.
The world’s most powerful CA
Symantec’s new partnership with DigiCert truly is a perfect match—the two CAs are a perfect complement for one another. Now Symantec’s premium security offerings, powerful add-ons and unmistakable recognition will be undergirded by DigiCert’s industry-best validation practices and mechanisms, along with its universally trusted PKI.
Customers can expect to see:
The same great Symantec and DigiCert products
Streamlined validation that cuts days off issuance
A universally trusted PKI
Continued trusted status from browsers
The latest encryption and hashing algorithms
Why did Symantec and DigiCert merge?
Symantec and Google had been negotiating for months regarding issues with Symantec’s PKI. After coming to an agreement on a fix, Symantec sold its SSL and PKI division to DigiCert in exchange for $950-million. Symantec also now has a 30% stake in DigiCert.
What does this partnership accomplish?
In the interim, it will keep all of Symantec’s currently issued digital certificates trusted. In the long run? The two companies will slowly merge, identifying the strengths of each and using them to build a new, more efficient CA. The new PKI system is expected to go live on December 1, 2017. This means all new, reissued, or renewed SSL certificates issued after December 1, 2017 will be publicly trusted across all browsers.
Your Action is Required
In order for this transition to work as smoothly as possible, you may need to re-validate and re-issue your SSL certificates from DigiCert’s new PKI. Don’t worry, we will guide you seamlessly through this industry transition. This process will be quick and painless, and most importantly: FREE. All impacted customers will receive detailed instructions via email about how to re-issue their SSL certificates.
The re-issue process will take place in multiple phases. There is a strategy behind this transition and when to re-issue your SSL certificate based on the issue date, expiration date, and browser timeline. The start date for re-issuing your SSL certificates is after December 1, 2017.
If your SSL Certificate was issued before June 1, 2016, you have until March 15, 2018 to re-issue your SSL certificate.
If your SSL Certificate was issued after June 1, 2016 you have until September 13, 2018 to re-issue your SSL certificate.
Here is a visual representation of the upcoming dates:
We’re here to help!
As always, if you have any questions or concerns regarding this transition, feel free to contact us.
The demand for SSL certificates has been increasing rapidly over the last couple of years. The reason for this is most likely that security has become more important as there are continuously new cases of hacking and cyber-attacks. Google and the web browser community have also contributed to the increasing demand. Not having an SSL certificate will cause a warning to appear for the user in the web browser. Here at PRO ISP we receive daily inquiries regarding SSL and the most common questions are:
SSL certificates are used to create a secure connection so that the information being sent cannot be monitored or altered by anyone. In other words, they ensure safe communication. On a website with an SSL certificate, the URL will contain an S, so it will say https:// instead of just http://.
SSL certificates are not only used for web servers, but for any type of service where secure communication is required (email and FTP, for example). However, it is mostly on websites that you will notice the use of SSL, because the browser shows visible indicators meant to increase end user trust and confidence. We will elaborate more on this later.
SSL certificates also have another function. The certificates are issued by certificate authorities (CAs). These issuers have a set of rules to follow for when a certificate can be issued, in the same way as there are rules for issuing passports or driver’s licenses.
There are currently 3 levels of validation for SSL certificates and each level has higher requirements than the previous level. The requirements verify control and ownership of the domain. Each level is meant to provide increased trust for the client that you are who you say you are. As each level requires more information to be verified, the price is usually higher for each level.
1. Domain validation (DV)
The easiest certificate to get issued is the domain validated certificate. This certificate only verifies that you control the domain, which can be done via email, DNS or file. This part is done automatically for all our clients who order certificates for web hosting at PRO ISP. All our web hosting includes a free Basic SSL certificate, which is a domain validated certificate. This only takes a few seconds to issue.
This is how a DV certificate will look in a web browser:
A site seal is not included with the free certificate, but is included with all the other certificates. You can however add a site seal to your free Basic SSL, which is cheaper than purchasing an SSL certificate. If you are wondering how a site seal looks on a website, look at the bottom of proisp.eu. Clicking the site seal will provide more information about the website and what is verified. A site seal is used to show visitors that the owner of the website has secured the website and to show what has been verified by a third party. This increases the chances that first-time visitors will more quickly establish enough trust in the website to contact you or make a purchase. The site seal included with a certificate typically contains more information the higher the level of the certificate, and such certificates are also more expensive. The site seal for proisp.eu is one of the ones with the most verified information, and it is issued by the world’s most recognized brand when it comes to security online.
Paid certificates have a warranty covered by the issuer in case a certificate has been issued to someone committing fraud and the issuer should have known about it. Visitors to the website are covered by this warranty. The warranty is another way to give the visitor trust in the website.
About 5% of our clients are denied Basic SSL by the certificate issuer because information on the domain, the domain name or the contact information seems suspicious. In these cases, a manual review is required by the issuer and you will need to purchase an SSL certificate instead.
2. Organization validation (OV)
Organization validated certificates must in addition to domain validation also validate the information regarding the organization/company. Private parties can therefore not purchase these. Required documentation is that the organization:
Owns/operates the domain
Operates from the correct address
Can be contacted through publicly available contact information
In a web browser the URL will look the same for OV as DV certificate, but the visitor can check which organization and address the certificate has been issued to, as shown below.
The site seal for OV certificates contains more information (company name), the warranties are higher and some extra functions are available, such as malware and PCI scanning. As there is more to verify for OV, it usually takes the issuer around 1-2 days from the order until the certificate is issued. This is also reflected in the price.
3. Extended validation (EV)
An EV SSL certificate requires the highest level of validation before being issued. It covers mostly the same information as an OV certificate, but there are fewer approved sources, the validation process is more thorough and more documentation is required. Compared to an OV certificate there is overall more to validate at each checkpoint. The most visible difference is seen in the web browser. This is how our URL is seen in the web browser:
You can clearly see who is the owner of the website as the company name is shown next to the URL.
Since there is more to validate for the certificate issuer it usually takes 2-7 days to issue EV SSL certificates. These certificates are normally the most expensive.
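One way to read the validation level from the certificate itself, and to see whether a certificate falls under the Symantec re-issue deadlines listed earlier on this page (an added example, not PRO ISP's or any CA's own tooling). It parses the text printed by `openssl x509 -noout -text` and uses the CA/Browser Forum policy OIDs; it assumes that a Symantec-issued certificate has "Symantec" in its issuer name and that a certificate issued on June 1, 2016 itself belongs to the later group. Both sample certificates are constructed.

```python
import re
from datetime import date, datetime

# CA/Browser Forum certificate policy OIDs that state the validation level.
POLICY_LEVEL = {"2.23.140.1.1": "EV", "2.23.140.1.2.2": "OV", "2.23.140.1.2.1": "DV"}

def validation_level(cert_text):
    """Classify a certificate from `openssl x509 -noout -text` output."""
    oids = re.findall(r"Policy:\s*([\d.]+)", cert_text)
    found = {POLICY_LEVEL[o] for o in oids if o in POLICY_LEVEL}
    for level in ("EV", "OV", "DV"):          # strongest claim wins
        if level in found:
            return level
    # No policy OID: an organization (O=) in the subject means the CA
    # validated more than control of the domain.
    subject = re.search(r"^[ \t]*Subject:[ \t]*(.*)$", cert_text, re.M)
    if subject and re.search(r"\bO\s*=", subject.group(1)):
        return "OV or EV"
    return "DV"

def reissue_deadline(cert_text):
    """Re-issue deadline from the page, or None if not Symantec-issued."""
    issuer = re.search(r"^[ \t]*Issuer:[ \t]*(.*)$", cert_text, re.M)
    # Assumption: Symantec-issued certificates name "Symantec" in the issuer.
    if not issuer or "Symantec" not in issuer.group(1):
        return None
    start = re.search(r"Not Before:\s*(.+?)\s+GMT", cert_text).group(1)
    issued = datetime.strptime(start, "%b %d %H:%M:%S %Y").date()
    # Assumption: a certificate issued on June 1, 2016 itself is in the later group.
    return date(2018, 3, 15) if issued < date(2016, 6, 1) else date(2018, 9, 13)

# Constructed samples in the layout of `openssl x509 -noout -text`.
SAMPLE_OV = """\
        Issuer: C = US, O = Symantec Corporation, CN = Constructed Example CA
            Not Before: May 10 00:00:00 2016 GMT
        Subject: C = NO, L = Oslo, O = Example AS, CN = www.example.com
                Policy: 2.23.140.1.2.2
"""
SAMPLE_DV = """\
        Issuer: C = US, O = Example CA Inc, CN = Constructed DV CA
            Not Before: Jan 15 00:00:00 2018 GMT
        Subject: CN = blog.example.org
                Policy: 2.23.140.1.2.1
"""

if __name__ == "__main__":
    for name, text in (("OV sample", SAMPLE_OV), ("DV sample", SAMPLE_DV)):
        print(name, validation_level(text), reissue_deadline(text))
```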
What do I need SSL certificate for?
In today’s society with increased focus on protection of privacy and security, secure communication is essential to maintain both.
Higher ranking in search engines
Search engines have added SSL as a part of their ranking algorithm and it is estimated that websites with SSL have about 5% better results than websites without.
Faster loading websites
Web browsers have chosen to support the new HTTP/2 protocol only when SSL/TLS is used. HTTP/2 can reduce the loading time by 20-30%. All our web hosting supports HTTP/2, but your website will only use HTTP/2 instead of the older HTTP/1.1 protocol when you have an SSL certificate.
Avoid warnings in the web browser
Web browsers show a warning that the website is not secure when data is entered into a form and the website is not using SSL. In the future a warning will be shown for all websites not using SSL.
Increase conversions
A conversion is a visitor performing a desired action on your website. This could be a purchase, registration or anything else. All paid SSL certificates come with many benefits that increase conversions, such as site seal, warranty, malware scan and increased visibility in search engines. These benefits will help increase the trust in your website while showing your customers you are serious about security.
Company name visible in web browser
An EV SSL certificate clearly shows the owner of the website and that it has been validated by a secure third party. It is a message that you have been through the most thorough check, and it gives you the highest level of trust with your customers.
Which SSL certificate should I choose?
Which SSL certificate is the right one for you will depend on what kind of website you have and how it is used. Some have several domains and websites with different needs and therefore may need many different certificates.
Generally, we recommend you consider who your visitors are and what you want them to do. These questions should be answered:
To what extent do users notice if the website is secure?
How much will it mean for the visitors to see the website is secure?
Will indicators showing that the website is secure, or to show who you say you are, increase trust for your website and its visitors?
Will increased trust to your website increase the likelihood of visitors doing as you want them to?
If the visitors will not notice if the website is secure, and it will not increase the likelihood of visitors doing as you want them to, you do not need more than our free SSL certificate or Start SSL (RapidSSL). Even though it may not matter much, it would not be negative to add the site seal included with the certificate to your website.
Typically, these are simple blogs with personal information or simple websites with few pages. To avoid future warnings that the website is not secure, using SSL is a minimum requirement. Since there is no need for increased trust, there is no need to pay for a certificate unless the free Basic SSL could not be issued.
A small website with information about the company and a contact form could have different needs for SSL. Depending on the type of clients (IT and security related versus non-IT related, such as carpenters) we have different recommendations.
If you want a certificate for alias domains on the same web hosting, you will need to use a multi-domain certificate for these. This also applies to other subdomains and domains pointing to the same folder on the web server. Read more about SSL certificates that cover more than one address.
SSL certificates not used for websites
SSL certificates that are not used for websites are often used for email services. They are also used for other services such as FTP, APIs/apps and other services that require SSL. What these have in common is that they only need the security SSL provides. There is therefore no need for a higher-level certificate than a DV certificate.
Since you can only use Basic SSL with our web hosting, you will in most cases need a DV certificate (such as Start SSL) which covers one domain.
If you have several subdomains on the same domain that you wish to use for such services, we recommend you use Start SSL Plus.