Wetlook World ForumCurrent time: Mon 13/05/24 00:00:09 GMT |
Message # 79312.2.1.1.1 Subject: Ahem ;-) Date: Tue 10/12/19 21:12:14 GMT Name: Malvineous Email: mrnemesis@ntlworld.com |
Report Abuse or Problem to Nigel at Minxmovies
|
With all due respect, that is not true.
SSL certificates range all the way from expensive down to free. SAN certificates (that cover two or more separate domains or hosts) are pricey, but a standard single-host domain validation certificate (that simply proves that you are on the site you think you are) is cheap. (The job of a certificate is really to ensure that you are on the site you think you are, which combines your trust in the operating system vendor and the integrity of your computer along with a reputable agency to affirm the reliability of the identity the site presents to you. Once you are past this stage, you then establish a secure connection. Self-signed certificates still give you a secure connection, but it could be to anyone anywhere.)
However, with an industry-standard Let’s Encrypt, the certificate is free and the renewal is automated, so if your hosting provider offers that (as mine does) it is simply a matter of ticking a box to enable HTTPS, and job done, no further cost. Whether Let’s Encrypt is a valid and trustworthy service could be a matter of debate, but it’s industry-standard and ticks the boxes as far as Google is concerned.
The more expensive certificates get you increased levels of organisational validation, where the certification authority validates that the certificate request itself was authorised to the genuine company. For many businesses, this is not necessary, but this service increases trust level in businesses likely to be impersonated, such as banks and merchant services. (These used to be the green bar certificates, but browsers have redesigned the way trust level is presented in recent years too many times to keep track of.)
I’ve been dealing with SSL certificates for years, and standard ones have always been cheap in all my dealings with them — I think the idea that they are expensive is either a misconception, or a reflection of years past.
Personally, my site runs non-HTTP mostly, because I don’t want to suggest that there is anything that eavesdroppers could take (I don’t even set cookies, and there is no tracking or analytics). However, HTTPS is active and some circumstances I advertise links as HTTPS just to offer a bit of reassurance. Google still returns my site in search results despite it being non-HTTPS. It’s very specialist though, so I have no competitors to fight against; I can see being HTTP-only being a problem in the commercial space, but this is a hobby site. |
In reply to Message (79312.2.1.1) also...fyi...you are de-ranked from Google
By MK - wamtec@comcast.net Tue 10/12/19 20:03:04 GMT FYI.....aside from Firefox and Chrome browsers who now punish those sites without an SSL (HTTP) certificate by calling those sites UNSECURE.....The Google search engine also punishes webmasters who do not have SSL by de-ranking and in some cases de-listing those sites from Google searches....see this article....
https://seo-hacker.com/google-adopt-https/
So this really is a racket.....you either buy an expensive SSL certificate for your site every year.....or else you disappear from Google searches.
This is more about generating fees for the Domain registration industry, than it is about security.
MK |
In reply to Message (79312.2.1) Re:My advice for such sights
By MK - wamtec@comcast.net Tue 10/12/19 19:48:48 GMT Don't be concerned about this. There is nothing you can do about it on the customer side. It just means that the webmaster has not renewed his SSL certificate (HTTPS) so that is why it is coming up that way...because the site's SSL certificate has expired. Only the webmaster can fix that. As Miguel said....this is not a problem because all sites with a payment processor link to an external payment server that is fully secure anyway.
FYI....this forum is no different.....it comes up on my browser as an unsecure site as well...because the SSL certificate has expired...
I think that SSL certificates are somewhat of a scam that is perpetrated on webmasters and is a means to gouge webmasters with more fees....because the annual fees to renew a SSL certificate are expensive.....and the browser industry punishes webmasters who do not pay those extra SSL fees by flagging their sites as "unsecure" in their browsers.
It's no different to the mafia insisting you buy an expensive special badge for your store...and if you don't....then you are targeted for persecution.
As Miguel said...so long as the site connects to a secure server for payment processing....which all paysites do, then having an SSL cert on your main site seems superfluous to me....but then again...I am not a techie....this is just my lay person's opinon....i.e. SSL certs are a "racket" designed to generate extra bucks for the Domain registration companies.
|
In reply to Message (79312.2) My advice for such sights
By MiguelWarsaw - Tue 10/12/19 09:09:20 GMT Just use a password you don’t use for anything else and such a username if needed. And you won’t have any problems. The payment server is secure. |
In reply to Message (79312) WAMInStyle
By JP - pjn967@hotmail.com Tue 10/12/19 03:43:05 GMT I'm trying to join WAMInStyle but when I try to register I get an Insecure password warning, for both Firefox and Chrome. I tried to correct this by typing https:// in formt od the URL but that did not work. Any thoughts about this? |
Report Abuse or Problem to Nigel at Minxmovies
If you enjoy this forum, then please make a small donation to help with running costs:
(you can change amount)
|
[ This page took 0.002 seconds to generate ]