From July 24 Google Chrome will mark all websites, without a valid SSL certificate, directly and immediately visible to every user as unsafe. Thus Google warns very clearly and consistently against the danger and the resulting risks of an unencrypted connection.
With the release of the Chrome browser version 68 in July 24 of this year, a “Not-Secure” warning is displayed in the Chrome browser bar for each web page that does not use a valid SSL certificate.
This can, of course, have a negative effect on the user confidence of website visitors. In addition, the absence of https has a direct impact on the SEO ranking. With this change, Google wants to sensitize users so that they immediately recognize if a website has not taken appropriate security measures to make the Internet safer.
Current versions of Google Chrome already flag websites as “Not secure” if SSL encryption is not used properly in certain scenarios – such as when pages provide login fields.
With the release of Chrome 68, Google extends this warning and displays the “Not secure” message on any HTTP page, regardless of its content.
Google is making this change to better protect users from unsecured connections. This does not minimize the danger that data can be intercepted via secure connections, but because the data is now encrypted, the hacker usually cannot do anything with it.
Now every website operator can imagine for himself what consequences such a report has on the visitors of his own website (regardless of whether it is an e-commerce site or not) or, conversely, what positive effects it has if such a report does not appear.
Now at the latest, it is time to think about which certificate you want to use to secure the connection because Google did not include the aspect of identity verification at all in all the encryption considerations.
SECURE IS NOT SAFE
This has long been our CertCenter philosophy on this topic, which should show you that it is not about pure encryption. No matter which SSL/TLS certificate you choose, encryption is always guaranteed, but compared to organization-validated (OV) or extended validated certificates (EV), domain-validated (DV) certificates have not undergone an identity check.
Your considerations should always include whether you choose a pure technological solution, i.e. only encrypting, or whether you indicate to website visitors with an OV or EV certificate that you have been checked for identity by an independent third party.
If you have any questions about the different types of certificates or other questions, please write to us or call us directly.
We at CertCenter are looking forward to it.
Luis Federico Reimers
Leiter, Marketing & Vertrieb