Why are 2 year Certificates going?

This is due to Google making Chrome not accept certificates that are valid for more than 1 year. Other browsers have followed suit. Their reasoning behind this is to force certificates to be issued more frequently. If they are then there is less chance for things to go wrong with stolen certificates. Google don’t use the SSL revoked list, a certificate that has been issued, compromised and subsequently revoked can be used. Other browsers that do use the revoked list would not accept this certificate. This new method means that the certificate is only valid for a year so the maximum time it could be used is 1 year.

No matter what their rational behind it is, the fact remains that as of the 20th August you will no longer be able to purchase a certificate for 2 years and any that are issued after this time will automatically be rejected by all browsers as of next year.

What can I do?

If you want a 2 year SSL certificate then get one that is issued before 20th August 2020 and it will be valid. After that time you will just have to buy a 1 year one.

We have already removed the 2 year option from our certificates but if you want one then please submit a support ticket from your account or a presales ticket before the 18th August to give us enough time to get a certificate issued. The higher the grade certificate the longer it needs to be issued. so do not delay.

Read more about Website Security and SSL certificates.

Don’t forget to check out these other Products too

You can also read more about us and the products and services we offer.

The Identified Issue

The Chrome developers at Google questioned the validity of E.V. certificates some months ago after carry out research with users. They discovered that it made absolutely no difference to users behavior when entering credit card or username and password information on websites. In fact most users do not even know the difference between a bottom of the range ACME (Automated Certificate Management Environment) certificate provided by the likes of Let’s Encrypt and the top of thee range, most expensive E.V certs. They called for action to be taken in this but no solution has been found to correct this.

The Result

The results of this research, combined with the fact that the E.V. certificates take up much needed space on the address bar, and it has been dropped on most mobile platforms already is that it will now be removed from Chrome. Mozilla has said it will also be removing it from Firefox in the very near future as well. Going forward all browsers will move the E.V information to the Certificate information section which needs to be clicked to be seen. This move basically renders the E.V certificate dead. They cost substantially more than any other type of certificate and are much harder to obtain due to the level of scrutiny required to obtain one.

What Are The Differences Between SSL Certificates

The different types of certificate available to websites were meant to be a representative of how secure or how much trust you could give to the website. a basic ACME type of certificate provided by the likes of Let’s Encrypt is the bottom of the range. There is absolutely no trust in the company or entity that owns the domain or website. There is  no checks made on them. So if they put up a website that looks like you local bank, it matter not to the certificate supplier as they are not looking at it. The ACME certificates are automatically installed and renewed as long as the basics can be verified. That being that the DNS records can have one added to it and it is hosted on that server. This is the cheapest type as they are usually free and only come in the basic encryption level.

The cheapest paid for certificates are much the same but there is a check on the domain made that means that an actual person has to verify they own the domain name by way of an email sent to an email address on the domain, such as admin, administrator or webmaster. This only proves that the person asking for the certificate is an actual person who has access to the domain and email account. These are also know as D.V. (Domain Vetted) certificates.

The next level up is O.V. (Organisation Vetted) certificates. These are a bit more expensive but give the user some information about the organisation behind the certificate so that they can be more sure of who they are dealing with. These require the issuing authority to check the person/company actually exists before issuing a certificate. They therefor take longer to issue than the ACME which are instant and the DV certificates which are usually within an hour.

The next Level is the E.V. (Extended Validation) certificates. These are much harder to get as there is a lot more checks carried out by a human being in the issuing authority and so the cost is much higher for them. They use to give you a green bar at the top and a green padlock on other browsers. The should have allowed visitors to know that you have been fully vetted and can be trusted to take credit card details. They were akin to the old fashioned banks. In the Old Wild West, there was a big problem with banks opening up, taking in customer deposits and then disappearing by morning, in some cases a while later, but you get the idea. They would open up, take money in and then as quick as they arrived they were gone, with all the money. That is why banks have big buildings that cost lots of money, to show that they were there fro the long haul and were trust worth. The average conman did not want to spend any money on something he was going to throw away. EV certificates were the same for the internet. Deliberately expensive and hard to get so that the holder of one could show they were trustworthy and not a conman.

Sadly, people have not recognised this and as there has been no way proposed to correct this, the browsers who are responsible for showing you the difference are moving the only identifiers to a location very few people ever look.

Having the display of the extra security that the EV certificates provide is not in line with Chromes goal of security by default and then showing those who are not secure in a bad light, rather than promoting those who make things extra secure. There is still a case use for the OV and DV certificates but the EV certificates will probably be phased out as there is little benefit to them above an OV certificate.

Only time will tell, for the moment though you can get any of these certificates in our store and the ACME certificates are available on all new hosting accounts as well.

Stay Safe.

CritchCorp Computers Support

photo credit: Link to EpicTop10.com SSL via photopin (license)

• .space
• .black
• .blue
• .pet
• .pink
• .pro
• .promo
• .red

If there is a TLD that you want and it is not in our shop, let us know and we will see if we can add it, and maybe give you a discount on a new domain name on that TLD as a “thank you” recommending it.

Also there have been some price increases this month. You can see the current prices here.

[ink-ad-creator ad=”981″][/ink-ad-creator]

Click here to go get one now!

This promotion runs from 11th July until 31st August 2018 and all orders must be submitted through your yesDomains.co.uk account by 16:00 on the 31st August to ensure they are processed in time to qualify, so don’t leave it too late!

With Google Chrome’s new release imminent and the fact that it will start to heavily penalise those who do not have an SSL certificate, we are working hard to bring down the cost of this must-have product for your website. We take care of the techy bits so you don’t have to worry about it and you get a FREE TrueSeal Secured Site seal to show that you are now secure.

We are working hard to bring the prices down for the managed SSL products but they are not likely to come down this much! At the moment everyone is in need of these, so take advantage of the offer now!

Don’t forget to check out these other Products too

You can also read more about us and the products and services we offer.

That’s right, as of July 2018 Google Chrome will start reporting non-SSL sites (that is sites that don’t use https:// for access) as insecure. This is a major change from the current norm which is to highlight sites that use SSL certificates with a green SECURE next to the address and other browsers who use a green padlock. They will from July this year not show the green SECURE but they will show a NOT SECURE next to any site that does not have an SSL certificate. Making the norm to have an SSL certificate. That is going to be followed in the future by a warning screen that informs users that continuing to your site is not recommended. Though the warning wall is not being implemented right away it is planned for the future.

The new move forces website owners to have an SSL certificate and make their site secure, even if it is not required, or risk losing visitors that are scared away.

There are several different types of SSL certificate and the higher (more expensive) ones will still show the green bar in the address bar, but the norm will be to have one of the cheaper ones and if you don’t have any or it expires, the company backing the SSL cert (Cert provider not the retailer) goes out of business or has their master certificate rejected then you will be faced with a blocking screen when trying to get to your site which will prevent users from going there, with warnings that your site is insecure and should not be visited. This is obviously not good for business.

Google have also hinted that sites that use SSL certificates currently get a boost in the Google rankings over those who do not.

At CritchCorp Computers Ltd we have a quick and easy way for you to comply with this new Google rule for all our shared hosting customers you can purchase a fully managed SSL certificate from your yesDomains account or submit a support ticket here to get the ball rolling. It is quite an in-depth process but we will take care of it for you, with as little interaction as possible required by you. Please go here to get started.

The industry is working towards lowering the cost of SSL certificates to nothing and automating the install and renewal process, but that is still in development so for the time being you will need to purchase an SSL certificate in the normal way. If you want the users browser to light up in green then you need to select the Extended Validation (EV) certificate otherwise the cheaper normal one will suffice to prevent you being labelled as NOT SECURE. We have monthly or annual billing options to spread the cost but all certificates are annual commitments.

We use Comodo, DigiCert, Symantec, Thwarte, GeoTrust and Trustwave certificates  that are strong providers in this field and highly unlikely to go out of business or have their master certificates rejected. This provides you with stability and reassurance that your certificate will not become invalid before it expires as does happen from time to time with smaller SSL providers.

If you want to read the Google blog entry about this; with their advertising spin on it then click here. What this does do is add further costs to businesses. Whilst we absolutely agree that any site that accepts payments or collects user data should be secure, there are still many sites that do not and so forcing them to have this does seem unfair to us, but that is what the mighty Google has decided and so it shall unfortunately be.

There has been some discussion about the colour of the NOT SECURE. The current SECURE label is green and it is understood that the new NOT SECURE is going to be Red, although some discussions at Google say it will be more neutral, which ever it is it isn’t good for business.

Keep safe

CritchCorp Computers Ltd