Revisiting Current HTTPS Issues

by | Sep 28, 2015 | Tips & Tricks | 1 comment

Unless you are a network engineer, which I am not, then the subtleties of using secure socket layers (SSL) to provide your client sites with encrypted content may seem difficult to decipher.  Clients understand typing in https:// instead of https://, but that’s about it.

Rather than tell you “how” to use some of these tools, this post will help you justify site improvements that really need to be done promptly and explain your logic to the client.

Over the past couple of years there are have been events that have spurred webmasters to action.

1). Facebook required secure connections to post to their time line.  That meant that for those clients that want their blog posts to also show up on the Facebook timeline, that in addition to the misery of getting a Facebook App ID and secret key, you now have to also get the client a DEDICATED IP and a secure socket layer. (A plain vanilla one will do.  Usually they are around $60.00.)

2). Ecommerce sites benefit from SSL because even if you hand off the client to someone like PayPal for payment processing, you may still be collecting personal information prior to submission and a secure page protects the customer, your client and you.

3). Google recently announced that they will begin weighting search engine rankings towards sites that are secure.  See https://googlewebmastercentral.blogspot.de/2014/08/https-as-ranking-signal.html

4). Recently PayPal changed their requirements for SSL. >Read the article on PayPal’s SSL requirements for SSL

The gist of their article is that SSL’s need to move off of the VeriSign Root Certificates with a G2 identifier and Update to the SHA-256 signing algorithm.

This bears inspection on your part.  I found several clients using the older technology.  Upgrading was relatively painless, since they were going to pay a renewal fee anyway and an interruption of service was avoided.

Although I am sure there are other sites providing the same service, I was able to use https://www.sslshopper.com/ssl-certificate-tools.html to check the status of client sites quickly.

You should also consider bundling all of this into your site hosting charge.  I make hosting a value-added moment in my business by including

  • A dedicated IP
  • SSL
  • Automatic backups
  • Virus scans
  • and real-time malware security as part of the package.

Sure, they can piece that together themselves, but most clients are happy to “one-stop-shop” that problem to me.

Enjoy your job.

John Langlois
John Langlois is President of Foggy Bottom Web Design, LLC., resides in the mountains of NE Alabama. When he is not wrestling with the WordPress dragon du juor, he enjoys life on his 77 acre farm. Visit https://www.foggybottomwebdesign.com

1 Comment

  1. Charles Grimes
    Charles Grimes on 09/10/2015 at 8:37 pm

    First, EVERY site should run on Port 443 and HTTPS!

    You reference SSL, however using SSL is no longer a good idea. Instead, use TLS 1.2 which is much more secure than the older SSL encryption standard which is basically no longer secure.

    Google “ssl vs tls” and read one or more of the many articles.

Leave a Reply to Charles Grimes Cancel reply