What is an SSL certificate and why does your website need one?

It has been essential to have an SSL certificate on eCommerce focused websites for many years, but it should now be considered a necessity for all websites to have an SSL certificate installed to provide assurance to visitors that their connection to the site is secure and that any data they submit via web forms or login pages is secure.

For a quick 3 minute explainer on the “how, what and why” of SSL then please take a look at the “What is SSL and how does it work?” video in the footnotes below.

SSL, or Secure Sockets Layer as the acronym stands for 1, is the security technology used to establish an encrypted connection between a website and a visitor’s web browser. This encrypted connection ensures that all data that passes between the website and the browser remains private and secure.

Adding an SSL certificate to your website allows a secure encrypted “https” connection rather than the regular “http” and is typically highlighted in browsers such as Chrome via the use of a padlock icon and the word “Secure” in green text in the address bar.

My site isn’t an eCommerce site, do I still need an SSL certificate?

Google’s Chrome browser (as of version 61/62 and above 2) now treats any website without an SSL certificate (i.e. accessed via the regular “http” protocol) that contains any kind of form fields as not secure and as such will display the “Not Secure” text along with a red warning triangle next to the website’s address in the address bar.

This image shows the difference between the url bar in Chrome 62+ with and without an SSL certificate installed.

So, if your website has pages such as login forms or email enquiry / contact forms or even a simple search field then Chrome will be alerting users that their connection to your site is “Not secure” when they access these pages when running on a regular “http” connection. This warning has the potential to cause some concern to many users of your website, as such an SSL certificate is no longer only necessary on eCommerce sites and should be considered an essential feature of the hosting that your website runs on.

Whilst this change may be a bit disruptive and does prompt some necessary changes to be made to websites, overall it is a change with the best of intentions in that it will increase people’s awareness of the security of the websites they visit and encourage greater usage of SSL across the web.

Beware of “Mixed-content” errors

One issue that can often affect sites when switching over to using HTTPS is getting the dreaded “mixed content” warning in your web browser when visiting your site. Basically a “mixed content” warning occurs when a site is running over HTTPS but one or more elements on the page is still being loaded via a regular insecure HTTP connection. When this occurs web browsers will handle the situation a bit differently depending on which one is being used, it may be a big bold warning or an alert when the user loads the page, or it may be more low-key in that the page loads but simply doesn’t load the element that was requested via HTTP. It’s not uncommon for websites to use various frameworks or libraries like jQuery or content delivery networks for image and file serving and these can often be one the reasons for mixed content errors.

A warning message about Mixed Content in the Firefox web browser.

The solution to these errors is to update the references to these files to make sure that they are requested using HTTPS. In some cases this can be complicated if the resources are requested from a website that doesn’t offer the resource via HTTPS but most likely these issues can be fairly easily resolved. A common circumstance for encountering these kinds of errors can be in themes or plugins for CMS’s like WordPress which can have hard-coded references using HTTP within their code. It may require updates to be made to these themes or plugins to resolve the issue, so you may need to contact the developers to ask them to update their theme or plugin to work using HTTPS connections.

What action should I take?

If you are an existing [wideopenspace] client then please get in touch with us via the details on our Contact page and we can help you take the necessary steps required to get an SSL certificate on your website. Our main “wosBox” hosting platform now offers a standard SSL certificate from a certificate authority called LetsEncrypt as an inclusive part of the annual hosting fees. As such there are no extra ongoing annual costs if your website is already running on our wosBox platform.

If you’re not on the wosBox platform then there will likely be an additional annual cost to add an SSL certificate to your website, please get in touch if you’re not sure which hosting platform your site is on and we can talk through the available options for your site.

The process of enabling a site to work via the secure HTTPS connection does require some changes to the website configuration so there is a one-off cost to make the changes. This cost also covers checking over the site for any mixed-content errors that might be caused by existing settings, themes or plugins that may need to be re-configured to work over HTTPS. The exact cost involved depends on the features of the website but typically this will cost between £150+vat to £300+vat to make the changes.

I’m not an existing [wideopenspace] client, can you help me get an SSL certificate?

Whether you are an existing client of [wideopenspace] or not we can help you in the process of getting an SSL certificate installed on your website. It is possible that the current hosting that your website is on may not support individual SSL certificates so in these cases you may need to look at alternative hosting options. The first step would be to contact your current webhost and ask them about getting an SSL certificate installed on your website. They may well have an existing option for adding SSL to your website and if not then it is likely they will increasingly get enquiries from people asking for the same thing!

Depending on your web host the process of installing an SSL certificate may be as simple as a few clicks within a control panel, however it can at times be a fairly technical process so the time, cost and complexity can vary. Note that whilst there are increasingly more providers of free SSL certificates there are still many webhosts who charge a substantial amount of money to provide SSL certificates.

If you would like us to take a look at your current website configuration and hosting or help you move over to our own website hosting platform then please get in touch to discuss your SSL and website hosting needs further.

 

Footnotes:

  1. SSL: A quick explanation…
  2. More information about Google Chrome’s Not Secure warning
    The “Not Secure” warning will become commonplace in Chrome 62 but may also appear in Chrome 61. Read more about the changes in Google Chrome: http://searchengineland.com/google-emails-warnings-webmasters-chrome-will-mark-http-pages-forms-not-secure-280907

Published on 03 October 2017

Recent Blog Entries