Sometimes change can devastate your life (remember when Freddos went up from 10p to 15p to 25p??); but sometimes it can be a great thing, and as it’s fairly rare for big biz players to admit that anything needs changing – and do it quickly – it can make a change even sweeter. So, this is the big security move that you need to know about, and one that will almost certainly affect you.
What is all this SSL and SHA business?
OK, bear with, as I go down the technical rabbit hole a little. As we’ve mentioned before, SSL certificates are used to encrypt traffic between two devices, proving that your site is what it says it is, and that it’s all safe (so hackers can’t fake your site and lure people there, or read your sensitive info). About 90% of sites use SSL encryption, and you see it as the ‘https’ bit in your browser’s address bar with a padlock symbol. Some certificates also turn the address bar green.
The next layer of the security cake (although it feels more like an onion right now because it’s gonna make the internet cry!), is the SHA part, which is the algorithm used to generate the certificate.
What’s the kerfuffle right now?
Until recently most sites have been using SHA-1, but it’s getting a bit old-time and is now kinda crackable. So lots of experts want to upgrade to SHA-2, which is much stronger and supported nearly everywhere.
The brains behind browsers have plans to move everything over to SHA-2, but it might take them years; for example, Microsoft and Mozilla probably won’t move over until 2016. But Google has decided to take the lead on this, and is pushing for it to happen sooner.
What you and your site’s visitors will actually see is a change in the security indicator in their Chrome browser’s URL bar, which will let you know the site’s current SSL status. There are three stages to the move, which will appear over the next few months; here’s a basic idea of what to expect if your certificate remains SHA-1 encrypted*:
1. 26th Sept 2014 – a yellow warning triangle, which means ‘secure, but with minor errors’.
2. 7th Nov 2014 – a blank page icon means ‘secure but with minor errors’ or ‘neutral, lacking security’ depending on when the certificate expires.
3.Q1 2015 – a lock with a red ‘X’ and dash through ‘https’ means ‘secure, but with minor errors’ or ‘affirmatively insecure’, again depending on certificate expiry date.
Why do you need to change your SSL, right now?
Essentially for businesses the most important thing is that if you’re using SHA-1 then to upgrade your SSL certificate to SHA-2 as soon as you can, to protect your customers’ – and your own – information. This will also give your customers peace of mind; as more users realise what’s happening, it’s more likely they will get spooked by warning indicators in the address bar and navigate away from your page.
THE GOOD NEWS!
The good news is it’s actually super easy to update, you just need to upgrade your SSL certificate! If you’re with UKFast, all new SSL certificates issued by us will be SHA-2, and if you already have an existing one with us it’s free to upgrade from your SHA-1 certificate to a SHA-2 – there will be a replace button available in your MyUKFast area very soon.
You’ll need to revalidate all domains secured on it and reinstall, but it’s a pretty painless process compared to jeopardising your business and future revenue, wouldn’t ya say?
Still not using SSL?
With all the latest security scares it’s worth having something that shouts about how secure your site is, and SSL certificates are a great way to do that. Even better, with Google’s recent SSL SERPs move, having one can boost your search ranking too!
So, if you don’t have one yet, check out our range of SSL certificates – from basic single domain right up to multi-domain and wildcard EV certificates, and we offer certificates issued by industry leaders Comodo and Symantec. Plus, to live up to our speedy name, our FastSSL can be validated and issued within minutes of ordering!
*Images from Google’s Online Security Blog