In its vision to establish a more secure web, Google has been pushing enterprises to migrate their websites to HTTPS for quite a while. As a part of this strategy, Google recently announced that starting with the release of Chrome 68 in July 2018, it will flag all HTTP sites with a "Not Secure" badge, even if they don't collect sensitive information. Going forward, Google also plans to replace the "Not Secure" badge with a red triangle security indicator, which is currently being used to flag websites with very serious security errors.
There are many reasons why you should consider migrating your websites to HTTPS as a top priority. First, websites without HTTPS will bear the "Not Secure" badge starting this July, which will undoubtedly cause visitors to your site to question your organization's legitimacy. Second, your website will miss out on Google's improved ranking factor—an algorithm where Google slightly boosts HTTPS pages over pages with HTTP in its search results. And finally, from a security stance, without SSL security on connections to your site, attackers are able to intercept the connection and potentially steal data.
Organizations may consider migrating to HTTPS gradually, especially if they house a large number of web applications. Migrating in parts is a good way to avoid configuration errors. However, during a Google Webmaster hangout, it was explained that Google recognizes migrations better when the transition is done all at once. If done incorrectly, or in small parts, the domain's search ranking could take a huge hit.
Apart from the long SEO checklist you need to take care of, the foremost aspect of HTTPS migration is deploying SSL certificates to all sites within your network. However, manually acquiring and deploying SSL certificates simultaneously for all domains is highly stressful and cumbersome, and so is streamlining SSL certificate management-related activities.
If your organization is planning to transition, check out Key Manager Plus, our web-based SSH key and SSL certificate management solution. Key Manager Plus helps you centrally acquire, consolidate, deploy, track, renew, and audit the entire life cycle of SSH keys and SSL certificates. It provides complete visibility into your SSL environment and automates all SSL certificate management-related operations.
Key Manager Plus is integrated with ManageEngine’s Password Manager Pro, to provide unified privileged identity management platform.
ManageEngine’s Key Manager Plus enables us to stay on top of SSL certificates for all of our websites. With Key Manager Plus, we’re able to monitor which certificates are nearing expiration and roll out new certificates in a timely manner.Ken Odibe Senior cloud infrastructure consultant, Sapphire systems.