What’s going on with HTTP, HTTPS, and SSL?

You may have noticed, especially if you use the Chrome browser, that atop some websites it says “Secure,” or has a little green lock icon to the left of the website’s URL. Those URLs also start with “https.”

Others have a little “i” with a circle around it, or worse, a red lock icon and the words, “Not Secure.” Those URLs start with “http,” or have an expired or invalid SSL certificate.

For many years, “http” was the norm. Now, starting in July, if your website is not an “https” site, the Chrome browser (and others will soon follow suit) guarantees a “Not Secure” designation, displaying that angry little red lock by your URL. It may even trigger a security warning.

Translating the technobabble

For many years we’ve grown accustomed to seeing the letters HTTP before our website URLs. But as websites grew in size and functionality, they also came to need more secure methods of capturing information, processing payments and more.

This is what an “SSL” Certificate, or “Secure Sockets Layer,” accomplishes, and it is highly recommended to further protect both your website and the users that visit it.

This digital certificate authenticates the identity of a website while encrypting data as it communicates with its server. When an SSL certificate is applied to a website, your “http” becomes “https.”

While a valid SSL certificate is not absolutely required just for your website to go live, popular browsers such as Chrome are finding more and more ways to draw attention to sites that do not have an SSL, making it clear that users like you are browsing at your own risk (and not theirs).

Until July hits, Chrome will display websites without SSL certificates with the circle “i” next to their URLs.

After July, the words “Not Secure” will appear next to the circle “i” as well.

If there are other security concerns on a website, or if the SSL certificate is invalid or expired, “Not Secure” will show up in red alongside the warning triangle icon.

In some cases, an invalid or expired SSL certificate (especially if any other security issues exist) can cause a full-screen warning message like this.

Often there are ways you can still click through to the website you’re trying to reach (though sometimes you have to search for it), and even with flashy warnings like this, it doesn’t necessarily mean that the website is indeed compromised and actively stealing your identity. It might even be a fairly secure site, especially if it’s not doing transactions or collecting subscribers.

But warnings like this sure do make people nervous. And you don’t want that to happen to seekers trying to check out your ministry.

Fortunately, it’s not too tricky to prevent this, and it may not even have to cost you a cent. But you will need administrative access to your website, or some assistance from your website developer.

Your hosting provider may offer low cost or free options for SSL certificates, and you can always try options like LetsEncrypt.com .

Additionally, the existence of HTTPS on your website is indeed a ranking factor when it comes to search engine optimization (SEO)! 

So aside from increased security and assurance, obtaining an SSL certificate also helps your website be looked upon more favorably by Google.

Find out more about SSL certificates, HTTPS, and the July change with these recommended articles:

“Chrome will mark all HTTP sites as ‘not secure’ starting in July”

https://www.theverge.com/2018/2/8/16991254/chrome-not-secure-marked-http-encryption-ssl

“A secure web is here to stay: Google Security Blog”

https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

“What is an SSL Certificate?” 

https://www.godaddy.com/help/what-is-an-ssl-certificate-542