Chrome will mark all sites without HTTPS as not secure from July

9 February 2018

Google announced that Chrome version 68, expected by July 2018, will display all websites without an SSL certificate as insecure.

What will change, exactly?

From July this year, Google Chrome will no longer mark a page as insecure based on whether it contains input fields or not. Instead, a warning will be displayed on all pages that do not use a secure HTTPS connection.

HTTP warning Chrome 68

The changes to the Chrome browser are made gradually. From January 2017, Chrome showed a warning when web pages processed personal data such as passwords and credit card data via an unencrypted HTTP connection.
And since October last year, all pages with unsecured entry fields showed a warning.

Google is gradually making changes to their popular Chrome browser. As of January 2017, Chrome warns when visiting web pages that process personal data such as passwords and credit card information over an unencrypted HTTP connection. Furthermore, in October last year, a warning has been put up for all pages with insecure input fields.

Why these changes?

This change is the next step in Google's aim for HTTPS as standard, which they are actively working on from 2015 onwards. Google indicates that they expect the market to be ready for this adjustment halfway through this year.
The majority of traffic via Chrome is already being processed via HTTPS and the use of HTTPS, as we discussed earlier, only increases. In addition, more than 80% of the Top 100 websites now uses HTTPS.

How do you prevent warnings on your website?

To prevent warnings in Chrome you need an HTTPS connection, for which you need an SSL certificate. At the moment, Google does not make any distinction between the different types of SSL certificates, so every SSL certificate is suitable for the prevention of warnings.

Certificates with company details

In addition to an encrypted connection, authentication is an important function of SSL certificates - this applies to all public, and especially commercial websites. For this, you need an SSL certificate with company details. The strong increase in HTTPS usage also causes a significant increase of SSL abuse for phishing sites. Domain Validation certificates are mainly used for this purpose, because the issuance process is less strict. It is expected that Google will distinct different types of certificates from each other in the future - with or without company data or EV certificates with green address bar.

If you want to protect your image and your visitors’ safety, then you need a certificate with company details. Using the Xolphin Certificate Wizard, you will find the right certificate for every appliance.



SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues