Yet another public service reminder about non-HTTPS pages (re. Google and SSL)
In October 2017, browser warnings will appear on all form types of pages.
While every page on the Chrome browser will load normally, when a user begins filling out any kind of form field or search boxes on a website, a warning will appear in the address bar.
This will likely end online commerce for many websites—until they get their SSL certificate in place and set up accordingly.
- Eventually, all non-SSL pages will be flagged as “Not Secure”.
– Also posted in Google+: https://plus.google.com/+Hackrepair/posts/eqMyMFhTSTy)
Regarding SSL certificates and Cloudflare
Regarding SSL certificates and Cloudflare. Now don’t get me wrong, I’m a big fan of Cloudflare and have posted quite a few articles recommending the service for a variety of reasons, one being free SSL.
But, there is one caveat. While the free SSL plan works wonderfully well,
if a curious client or customer checks your SSL certificate using any of
the free online SSL checking tools, they may find other less scrupulous
websites “sharing your Cloudflare SSL certificate“.
Below is an example of a website set to Cloudflare. Note the other domain
listed in yellow.
Agreed, it requires a tech savvy customer or client to check for domains
sharing your SSL certificate. And then there is the question of “Who
cares?” or “Does it really matter?” I would argue that security wise it
doesn’t’ really matter, but client perception wise—that’s an unpredictable
thing.
And you may ask, “Well, what about other free SSL certificates, don’t they
show similarly?”
Answer: Yes. AutoSSL, a cPanel standard for free SSL certificates, may
likewise list other domains sharing the same IP address.
So it could be argued, that in today’s world of shared IP’s and a scarcity
of dedicated IP addresses available to shared clients that a dedicated IP
address remains a some what valid concern, “if” you are worried about
someone checking your SSL certificate and finding your website’s domain is
shared with pharmacy or more damaging website addresses as well.
This is all food for thought.
What do you think about the issue of shared SSL certificates displaying other web site addresses not associated with your business or website address?