Ever wondered why you see a green lock icon with a “Secure” label in the address bar when visiting some sites in Google Chrome? Even if you did not know what it meant, it probably gave you a sense of security while browsing those websites. Today we give a brief overview of the topic, so that you know exactly what it is and why you see it in your browser.
What is HTTP and HTTPS?
When the need arose to share information on the Internet, network administrators had to work out a procedure for sharing information without losing security.
They agreed on a procedure for exchanging information and called it Hyper Text Transfer Protocol (HTTP).
Once this protocol was in wide use, people figured out how to intercept traffic on networks using it and steal confidential information such as credit/debit card details, passwords, dates of birth, PINs, etc. To secure information exchange on the Internet, network administrators came up with another procedure to protect the information they exchanged. This protection relies on an SSL certificate to “encrypt” the data exchanged over the Internet. Encryption means that the sender and recipient agree upon a “code” and translate their documents into random-looking character strings.
The procedure for encrypting information and then exchanging it is called Hyper Text Transfer Protocol Secure (HTTPS).
How does HTTPS work?
Hyper Text Transfer Protocol Secure (HTTPS) encrypts the data (using a code) being exchanged between the sender and the receiver in such a way that only the sender and receiver can read & understand the data and no one else.
Humans could encode their own documents, but computers do it faster and more efficiently. To do this, the computer at each end uses a document called an “SSL Certificate” containing character strings that are the keys to encrypt the information.
SSL certificates contain the computer owner’s “Public Key”.
The owner shares the public key with anyone who wants to send information to the owner. This public key is used to encrypt messages to be sent to the owner. The owner sends those users the SSL certificate, which contains the public key, but does not share the private key with anyone. The private key is used to decrypt the messages the owner receives and is known only to the owner.
The protocols that provide this security during the transfer are called Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
The procedure for exchanging public keys using SSL certificates to enable HTTPS, SSL and TLS is called Public Key Infrastructure (PKI).
What is Chrome SSL?
Whenever we visit a site using the HTTP protocol on Google Chrome we see an ‘i’ icon on the address bar and not the green lock with the “Secure” tag. This symbolizes that information exchange on that website is not encrypted and is not secured by HTTPS protocol. To make this more clear to the user, Google Chrome will mark all HTTP sites as “Not Secure” starting this July, according to a blog post published today by Chrome security product manager Emily Schechter. With version 68, the browser will warn users with an extra notification in the address bar for sites still using the HTTP protocol regardless of whether they have sensitive input fields such as username/password or a payment feature.
How will this make us more secure?
Google's announcement that it will label all sites using the HTTP protocol as “Not Secure” is one of the most stringent steps it has taken to nudge unsafe websites off the Internet and force them to migrate to HTTPS, in order to make the Internet a safer place for information exchange.
Moreover, as of Chrome version 66, any Symantec, GeoTrust, RapidSSL and Thawte SSL certificates that were issued before June 2016 are now distrusted. Any certificates that were issued between June 2016 and December 2017 will need to be reissued before October 23, 2018 in order to be tagged “Secure” in the address bar.
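The distrust windows described above can be checked from a certificate's issuer and issue date. The following is an added example, not code from Google or from the original post; it assumes the dictionary layout returned by Python's ssl.SSLSocket.getpeercert(), treats “June 2016” and “December 2017” as the first day of each month, and runs on constructed sample certificates.

```python
import ssl
from datetime import datetime, timezone

# Brands named on the page. Matching issuer strings is a simplification:
# Chrome itself decides by the root certificate the chain leads to.
AFFECTED_BRANDS = ("symantec", "geotrust", "rapidssl", "thawte")

# Assumed boundaries (the page gives months only): first day of each month.
DISTRUST_BEFORE = datetime(2016, 6, 1, tzinfo=timezone.utc)
REISSUE_WINDOW_END = datetime(2017, 12, 1, tzinfo=timezone.utc)


def issuer_names(cert):
    """Return organizationName and commonName values from the issuer field."""
    return [value for rdn in cert.get("issuer", ()) for key, value in rdn
            if key in ("organizationName", "commonName")]


def classify(cert):
    """Classify a getpeercert()-style dict: distrusted, reissue or unaffected."""
    names = " ".join(issuer_names(cert)).lower()
    if not any(brand in names for brand in AFFECTED_BRANDS):
        return "unaffected"
    issued = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)
    if issued < DISTRUST_BEFORE:
        return "distrusted"      # already distrusted in Chrome 66
    if issued < REISSUE_WINDOW_END:
        return "reissue"         # must be reissued before October 23, 2018
    return "unaffected"


def make_cert(org, cn, not_before):
    """Build a minimal dict in the getpeercert() layout (hypothetical helper)."""
    return {"issuer": ((("organizationName", org),), (("commonName", cn),)),
            "notBefore": not_before}


# Constructed sample certificates (not taken from real sites).
SAMPLES = {
    "old-geotrust": make_cert("GeoTrust Inc.", "GeoTrust SSL CA - G3", "Mar 14 00:00:00 2016 GMT"),
    "boundary-rapidssl": make_cert("GeoTrust Inc.", "RapidSSL SHA256 CA", "Jun  1 00:00:00 2016 GMT"),
    "mid-thawte": make_cert("thawte, Inc.", "thawte SSL CA - G2", "Feb  2 00:00:00 2017 GMT"),
    "new-geotrust": make_cert("DigiCert Inc", "GeoTrust RSA CA 2018", "Jan 10 00:00:00 2018 GMT"),
    "lets-encrypt": make_cert("Let's Encrypt", "Let's Encrypt Authority X3", "Jan  5 00:00:00 2016 GMT"),
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(f"{name}: {classify(cert)}")
```

For a live check, pass classify() the dictionary returned by getpeercert() on a verified TLS connection to the site.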
There is a wide range of options, from manual to automated and from free to paid, for issuing an SSL certificate for a website and migrating from HTTP to HTTPS. The following are some well-known and widely used SSL certificate providers, in no particular order:
- Verisign (Paid with Free 30-day Trial) – https://www.verisign.com/en_IN/website-presence/website-optimization/ssl-certificates/index.xhtml
- GeoTrust (Paid with Free 30-day Trial) – https://www.geotrust.com/
- Comodo (Paid) – https://ssl.comodo.com/
- Let’s Encrypt (Free, automated & Open) – https://letsencrypt.org/
- Digicert (Paid) – https://www.digicert.com/
- Thawte (Paid) – https://www.thawte.com/
- Network Solutions (Paid) – https://www.networksolutions.com/SSL-certificates/index.jsp
- GoDaddy (Paid) – https://in.godaddy.com/web-security/ssl-certificate
Even Google’s “Lighthouse” tool can be used to migrate from HTTP protocol to HTTPS protocol. Get to know more about Lighthouse here – https://developers.google.com/web/tools/lighthouse/audits/mixed-content
Google’s move to make the Internet a safer place for information exchange, by compelling web developers to migrate from HTTP to HTTPS, will ultimately keep our personal information such as credit/debit card details, passwords, dates of birth, PINs, addresses, etc. completely secure through data encryption, and will help users identify websites that are not secure for sharing their confidential information.