Web Browsers have now started marking HTTP sites as ‘Not Secure’ with release of Chrome 68+.
For the past several years, Google strongly advising webmasters (sites) to adopting HTTPS encryption. Google said that within the last year, they helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”.
Lately at SSL Support Desk – Acmetek we have been getting a lot of clients coming across a “Not secure” message on their website even after installing an SSL Certificate.
Causes:
- Now with Chrome demanding that everything be in https admins must forward all traffic on websites to https. Non https encryption sessions will show the “Not Secure” message within a Chrome URL.
- You have the SSL Certificate installed on your website but you are not automatically forwarding web traffic to https for encryption.
Resolution:
Even if you have an SSL Certificate installed on the website there is a special web configuration that network admins must make to forward all traffic to https. How to forward web traffic will vary depending on your server or website cloud provider.
Example:
If I type in www.localhost/ssl into my Chrome browser without forwarding traffic to https I will go into a regular non https session and get the “Not Secure” warning message. This non https session is referred to as a regular session or http – port 80
But because we have forwarded all traffic to https users will automatically get sent to the secure https session without even knowing it.
Many browsers have become the enforcers of security. The likely hood of this happening with other web browsers is highly likely. All Admins should now forward their website traffic to https if they want to avoid Not secure messages on browsers if they want to avoid those ugly warnings.
Consult your web admins or web developers on how to perform this configuration.
Posted by:
Dominic Rafael
Senior Lead IT Engineer
Be sure to Subscribe!!