Why my website says “Your connection to this site is not secure” and how to solve it.
When Chrome or another browser shows a web page as “not secure” it means that the connection is not made through SSL. Therefore, the content of the page is transmitted over the Internet without encryption, so that it is possible to intercept the content of the data transmitted through it.
Why does this warning appear?
In 2017 Google decided to enforce the use of SSL certificates (ie addresses with https:// instead of http://). Since then, when you visit a website without SSL using the Chrome browser, it tells you “Not secure” next to the url, and you get a warning saying that the web is not secure. In addition to the headline “Your connection to this website is not secure”, when you click on the icon to see more information they even allow themselves to talk about “attackers”, steal information, etc. In addition, it decided to penalize the positioning of “unsafe” websites. Nowadays all browsers have the same treatment for sites without ssl.
To avoid these warnings it is necessary to have an SSL certificate (https) installed on your website.
If you want these alerts to not appear in the browser when someone visits your website, this is the solution.
How to solve the problem and have a secure website
Buy an SSL certificate
At CertiSur we help you choose the ssl certificate that best suits the needs of your website.
Adapt your website to work with https
Once the certificate is installed and you can access your website with https://, it is very possible that Google Chrome will continue to say that your website is not secure. This happens because it is normal for your website to have resources that are loaded with http:// addresses, for example the photos on your website are surely linked to http://.
You probably just need to completely replace those links from the old url, with links with the new security protocol, both on the web and in the database, if your website uses databases. Make sure you don’t have any unsafe content.
Force the web to load with SSL
Once you have installed the certificate, and your adapted website, you have to configure your website so that your completely secure website is always loaded.
For this, you have to create a 301 redirect, so that if someone accesses the normal version of the web, the secure version is loaded. This will also tell Google to index the safe version in its search results.
Understanding SSL certificates
What is an SSL certificate?
In order for a website to establish a secure connection (encrypted with https protocol), it is necessary for the server to have an SSL certificate for that domain, installed and configured correctly.
What kind of certificates are there?
Extended Validation Certificate (SSL EV)
Extended validation SSL certificates present the highest levels of security and authentication. To issue a certificate of this type, a Certifying Authority carries out an exhaustive process of verifying the identity of the applicant. The EV certificate guarantees encryption and also guarantees the identity of the company that owns it.
Organization Validated Certificate (SSL OV)
This option includes validation of the applicant’s corporate identity. Businesses or companies implement an organization validation certificate to prove to users and customers that they are legitimate organizations. Before its issuance, the Certification Authority evaluates the relevance of the applicant with respect to the domain for which he is informed.
Domain Validation Certificate (SSL DV)
The Certification Authority issues this class of SSL certificates after evaluating that the requested domain is legitimate. These certificates guarantee the encryption of the data, but do not validate the identity of the company that owns it.
Security changes on Websites today are constant. By using the correct certificates for your website you will be prepared for any updates as they happen.