Kick ‘Not Secure’ to the Curb: 4 Steps to SSL
Michael Cocanower – a certified ethical hacker who uses his powers for good and not evil – gives his insight on Google’s latest update and how he changed his website to SSL (Secure Sockets Layer). Michael Cocanower is also President and CEO of itSynergy.
Google’s latest update caught my attention
Google has recently announced that they are going to release an update to their Chrome browser that will start labeling websites not using encryption as ‘Not Secure’ in the address bar.
Since we are an IT consulting company with a very heavy focus on cybersecurity, I certainly don’t want people seeing “Not Secure” right next to our company name in the address bar, so I set out to change our site over to SSL and share my experience so you can do the same.
Steps to change your site to SSL
- Get an SSL certificate
I used GoDaddy to purchase our certificate but there are several providers that you can use. The first choice I was faced with is what type of certificate to buy – there were 3 flavors with each one being more expensive than the last. The difference between the 3 (aside from cost) is the validation process you must go through to get your certificate.
For purposes of the Chrome browser, any of the options will help you to avoid the “Not Secure” label, but I decided to step it up a notch with an “OV” certificate for $130 – which stands for Organization Validation. That means not only do they validate I own my domain name, but they also validate that my company is in fact real and does exist.
Making that choice ended up costing me several extra days of delay while I went through a thorough and extensive validation process, so just be aware of that if that’s the way you want to go. By contrast, the most basic DV or domain validation certificate for $60 only validates you own the domain name and is usually issued in hours.
- Install the certificate on your website
In my case, our site is hosted at GoDaddy and so they did this for me automatically. If that isn’t the case for you, you just need to work with the company who hosts your website to get the certificate installed. In fact, you ought to start that discussion with them in the very beginning, so they can make you aware of any requirements before you start spending money.
- Test the certificate to make sure it works
When the installation of the certificate is complete, go to https://yourdomain.com and make sure it shows in the browser as being secure (usually by displaying a padlock). You’ll also want to make sure that if you try to go to the unencrypted site, you get automatically redirected to the secure version.
You can test this by going to http://yourdomain.com and seeing whether you get redirected to the secure address. In my case, GoDaddy also asked me to make some DNS changes for my site – you’ll need to work with your web hosting company or IT support if that is the case for you.
- Work with Google to do a site move
Lastly, you’ll want to work with Google to do what they call a site move with URL change. This lets Google know that your encrypted site is the same as your unencrypted site so that you don’t lose all your search rankings and history. If you go to Google and search for “Move a site with URL changes” the very first thing in the list will give you an overview of the process.
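The two checks from the testing step (a valid certificate on the secure address, and a redirect from the unencrypted address) can also be scripted. This is an added example, not part of the original post: the function names are illustrative, the host is whatever domain you pass on the command line, and the days-until-expiry figure goes slightly beyond the checks described above.

```python
import http.client
import socket
import ssl
import time
from urllib.parse import urlsplit

def redirect_ok(status, location, host):
    """True if an HTTP response redirects to HTTPS on the same site (with or without www)."""
    if status not in (301, 302, 307, 308) or not location:
        return False
    host = host.lower()
    same_site = {host, "www." + host, host.removeprefix("www.")}
    target = urlsplit(location)
    return target.scheme == "https" and target.hostname in same_site

def days_left(not_after, now=None):
    """Whole days until the certificate's notAfter date (format used by getpeercert())."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def check_site(host, timeout=10):
    """Live check (needs network access). Returns (redirects_to_https, cert_days_left)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    conn.request("HEAD", "/")
    resp = conn.getresponse()
    redirected = redirect_ok(resp.status, resp.getheader("Location"), host)
    conn.close()
    # The default context verifies the certificate chain and the hostname, which is
    # what the browser padlock reflects; a bad certificate raises
    # ssl.SSLCertVerificationError instead of returning.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return redirected, days_left(cert["notAfter"])

if __name__ == "__main__":
    import sys
    redirected, remaining = check_site(sys.argv[1])
    print(f"http -> https redirect: {redirected}; certificate valid for {remaining} more days")
```

Run it with your domain as the only argument; a redirect result of `False` means visitors who type the plain http address stay on the unencrypted site.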
We’ve reached a day and age where having an unencrypted website just isn’t viable anymore. For some time, Google has been giving encrypted sites a boost over unencrypted sites in search rankings. Couple that with the new ‘Not Secure’ label that will be added to your site when visitors arrive and you’re putting customer perception in jeopardy.
Fortunately, by following the few steps I’ve given you, converting is a relatively easy process and you’ll sleep soundly at night knowing that all the unethical hackers out there can no longer snoop on the traffic between your visitors and your website.
As you go through this process, feel free to post any of your experiences into the comments below and if you’re a customer just tell us you want this done and we’ll take care of everything. And if you have any questions about security, you can contact us online or by phone at 602-297-2400.