User Level: 

We are applying SSL certificates to all Acquia Drupal sites today.

What we are doing
Today, Web and Mobile Services will be applying SSL certificates across all Drupal sites hosted in Acquia. We have until 4pm today to apply this change (as requested by our leadership).

What this means for you
If you have embedded a file or image into a web page that points to somewhere not on your own site, that uses HTTP and not HTTPS, the page in question will cause a browser to display an error informing the user that the page is not secure. The severity of this error message is different among  browsers.

When is this happening
We will be applying the certs this afternoon and will send an update message once it is complete. We will continue work throughout the day, fixing any HTTP embed issues.

What Is An SSL Certificate?

An SSL (Secure Sockets Layer) Certificate is a small data file that digitally binds an organization to a website's domain via a very complex ID number known as a key.

These certificates are installed on a web server, which is a big computer that holds all of an organization's files that are available on the web.

Your computer makes a connection with a web server using a HyperText Transfer Protocol (the http part of a web address). When your computer encounters an SSL Certificate, the HTTP will change to an HTTPS. This indicates that the connection between your computer and the web server is now encrypted, which is a much more secure connection than the standard HTTP.

Why Haven't We Had To Do This In The Past?

There is a cost to obtain and maintain an SSL Certificate. Depending on how the certificate is applied the cost can become very prohibitive. Web and Mobile Services has over 200 websites to certify through our cloud hosting service. As of July 23rd, 2018, we received the approval to create a wildcard SSL Certificate, which covers all of our websites under one certificate and is a much less expensive option than a one certificate per site method.

Why Do We Want To Use SSL Certificates?

The websites that OSU's Web and Mobile Services provide do not serve as payment gateways and do not store sensitive data due to FERPA requirements, therefore the need for heightened security measures hasn't really been a necessity.

Web security is becoming a much more serious issue, however. Modern versions of all browsers will now produce some type of warning message when the connection is not https.

Click on an image to make it bigger.
Google Chrome security warning near address bar

1. Google Chrome Security Warning

Google Chrome puts a nifty little Not Secure message at the upper left of your address bar.

In addition to keeping online data secure and enhancing customer trust, using an SSL Certificate will increase your Google rankings and improve conversion rates.

If you have any further questions regarding SSL Certificates, feel free to submit a help ticket to WAMS, join our OSUWebComm Slack channel, or visit us at Open Lab.