Our website is made possible by displaying online advertisements to our visitors.
Please consider supporting us by disabling your ad blocker.
-
Web Guru
Time for HTTPS?
Google recently announced that any page that has a form asking for payment details or has a password field in it will be marked in their Chrome browser as not secure, starting January 1st 2017. See: -
Google Online Security Blog - Moving towards a more secure web
Come in HTTP, your time is up
Chrome to Label Some HTTP Sites ‘Not Secure’ in 2017
Many MDD member sites have customer login sections. If this is through DJEP they're usually framed, I think, and so might be OK, but I've seen others that use their own forms and those really need to think about installing SSLs to enable HTTPS.
Also, anything requiring Geo-location now requires HTTPS. This probably has less of an impact, unless you're trying to determine where the visitor is, of course.
One plus is that if you do jump to HTTPS, you can then add a payment form (using, for example, Stripe, who insist on an SSL) relatively easily.
-
I've installed Let's Encrypt on all my domains so if any of my clients need/want it then it's there ready and waiting.
-
Originally Posted by
discomobiledj
I've installed Let's Encrypt on all my domains so if any of my clients need/want it then it's there ready and waiting.
The major barrier for me is the ability to run multiple HTTPS sites off a single IP. Unfortunately I'm still on a Win2k8 server with IIS 7 so I can't use SNI. How are you doing it?
Julian
-
Originally Posted by
DJ Jules
The major barrier for me is the ability to run multiple HTTPS sites off a single IP. Unfortunately I'm still on a Win2k8 server with IIS 7 so I can't use SNI. How are you doing it?
Julian
It's all off the same IP but each one is registered against the domain name rather than IP.
-
I have a secure payment page using stripe. So things are already setup for HTTPS, thanks to Marc.
-
Web Guru
Originally Posted by
discomobiledj
It's all off the same IP but each one is registered against the domain name rather than IP.
SSL cerrts are usually issued against domains. The problem is that, traditionally, each has to be on a unique IP. Until SNI came along - which allows multiple SSLs sharing a single IP. But not every hosting platform supports SNI, nor every browser (although most modern browsers do, so that's less of an issue now).
-
Web Guru
Originally Posted by
DJ Jules
The major barrier for me is the ability to run multiple HTTPS sites off a single IP. Unfortunately I'm still on a Win2k8 server with IIS 7 so I can't use SNI. How are you doing it?
Installing Let's Encrypt on any windows machine doesn't seem so straightforward. There are instructions at https://www.coderamblings.net/archiv...a-safer-place/, and the comments there claim to have had success on Windows Server 2008.
You'll still need SNI support if you want them on the same IP, though. And I don't think that's supported in IIS 7, or it is but it's a workaround involving installing Apache (https://www.orderfactory.com/article...s-2008-R2.html).
Last edited by Marc J; 09-11-2016 at 12:20 PM.
-
Web Guru
-
Let's Encypt seems useful for Google's new "loving SSL" websites requirement.
It's expensive to pay around £40 a year for an SSL certificate for a website that doesn't carry any payment transactions.
Shame TSO Host don't support it, and appear to be avoiding answering whether they will or won't support it.
-
Web Guru
Originally Posted by
rth_discos
Shame TSO Host don't support it, and appear to be avoiding answering whether they will or won't support it.
They're listed on Web Hosting who support Lets Encrypt under "Waiting/Delayed".
https://twitter.com/tsohost/status/722448514228318208
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules