alkay5143
(Mr Porky)
1
Hi All,
I have noticed and read a lot of articles that suggest Google are starting to display ‘Not secured’ on websites that currently do not have an SSL when using Google Chrome.
We currently have a lot of customers on our hosting platform and we want to offer an SSL certificate to our customers. The majority of our customers do not take payment via their site, and if they do they use a 3rd party like PayPal. My question is what is the minimum certificate they need for a basic website? And what is the minimum certificate for a shopping website?
We are looking to make this affordable so any suggestions would be great.
Kind Regards
Alex
3 Spice ups
My question is what is the minimum certificate they need for a basic website?
Do you mean user trust level? There are three types of user trust levels:
Domain validated certificates (DL), Organisation validated certificates (OL) and Extended validated certificates (EL).
DL is the cheapest, and is for domain validation purposes only. For a shopping website which has a payment gateway you can use EL certificates, which have the most user trust.
There is no “minimum” as such. It’s more of a marketing effort.
All basic certificates give you a secure connection and can be used for any site - whether it takes payments or not.
However, a lot of businesses want to have the green bar in the URL, for which you need a so-called EV (enhanced verification) certificate - but EV certificates aren’t more secure from an encryption perspective.
I can recommend GlobalSign Alpha certificates as being pretty cost effective - but I’m sure there are cheaper ones out there.
You can even get free certificates from some providers - at least on a trial basis.
maxsec
(maxsec)
4
Chrome will only display IF there's some sort of login/authentication form that's either displayed or submitted (POST) via HTTP.
Also, HTTP/2.0 will be HTTPS only, so start to get ready.
1 Spice up
alkay5143
(Mr Porky)
5
Any time frame on when this is happening? And what will happen to the websites if they don’t have an SSL?
maxsec
(maxsec)
6
HTTP 2.0 - available right now, just a matter of running a compatible server! As to when HTTP 1.x won’t be available in the browser anymore, no timeline as yet from what I’ve seen,
but HTTPS everywhere is a mid-term goal for most folks.
1 Spice up
breffni
(Breffni Potter)
7
Google have been using SSL as a positive ranking factor on websites for quite some time. I think in January they introduced displaying “not secure” on any website with a text form on a web page detected by Chrome.
Another thing to watch for is mixed content errors. If an image or an asset (Google Fonts) loads over HTTP, it also brings up the security warnings.
All the big tech firms have been saying for quite some time, for anyone offering web hosting to clients, this has been in the news, coming down the pipe for ages.
A widely accepted price tag for SSL certs for a single site is £30-£60 per year as a ballpark. There is the “Let’s Encrypt” way of doing it, which costs nothing, but you need to do scripting and automation.
Or you can use CloudFlare certificates (Cloudflare Free SSL/TLS | Get SSL Certificates) - for self-signed origin certs as well now, free.
Now, imagine the pitfalls of using one or more of these items: you need to be sure that you understand the implications behind each tool, and that the specific customer requirements for each web host are understood.
2 Spice ups
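Added example (not part of any post in this thread): a standard-library Python audit a hosting provider could run over a customer's page before switching it to HTTPS, flagging the mixed-content subresources and HTTP-submitted forms mentioned above. The sample page, the `shop.example` host and all function and class names are constructed for illustration.

```python
from html.parser import HTMLParser

# Tag -> attribute that makes the browser fetch a subresource.
SUBRESOURCE_ATTRS = {"img": "src", "script": "src", "iframe": "src",
                     "audio": "src", "video": "src", "source": "src",
                     "link": "href"}
FETCHED_LINK_RELS = {"stylesheet", "icon", "preload"}  # rel values that load a file

def is_http(url):
    return url.strip().lower().startswith("http://")

class HttpsReadinessAudit(HTMLParser):
    """Collects items that cause browser warnings once the page is on HTTPS."""
    def __init__(self):
        super().__init__()
        self.mixed_content = []    # (tag, url) subresources loaded over http://
        self.insecure_forms = []   # form actions that submit over http://
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        attr = SUBRESOURCE_ATTRS.get(tag)
        if attr and is_http(a.get(attr, "")):
            # <link rel="canonical"> is metadata only; it is never fetched.
            rels = set(a.get("rel", "").lower().split())
            if tag != "link" or rels & FETCHED_LINK_RELS:
                self.mixed_content.append((tag, a[attr].strip()))
        elif tag == "form" and is_http(a.get("action", "")):
            self.insecure_forms.append(a["action"].strip())
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.has_password_field = True

def audit(html):
    parser = HttpsReadinessAudit()
    parser.feed(html)
    parser.close()
    return parser

# Constructed sample page (not taken from any real site).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Roboto">
<link rel="canonical" href="http://shop.example/">
<script src="https://cdn.example/app.js"></script></head><body>
<img src="http://shop.example/logo.png"><img src="/images/banner.png">
<form action="http://shop.example/login" method="post">
<input type="text" name="user"><input type="password" name="pw"></form>
</body></html>"""

if __name__ == "__main__":
    result = audit(SAMPLE)
    print(result.mixed_content, result.insecure_forms, result.has_password_field)
```

Relative URLs such as `/images/banner.png` are not flagged because they inherit the page's scheme; resources pulled in from CSS or JavaScript are outside what this static check sees.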
oliverkinne
(Oliver Kinne)
8
Also, achieving HTTPS on your website is pretty easy and cheap. Services like Cloudflare offer SSL out of the box and free of charge - albeit you get a shared certificate, but it’s still making the process so much easier, even if you’re no expert.
2 Spice ups
billyab
(BillyAB)
9
You could also look at Let’s Encrypt (https://letsencrypt.org/). It’s free, and you can generate them yourself; however, they are only DV and don’t offer the green bar that EV does.
1 Spice up