Where's my green padlock? Find out why your SSL-enabled website still shows as insecure

29th May 2017

An SSL certificate is almost mandatory on a website now, so if you don't have one already, it's something you should be talking to your service provider about.

What is HTTPS?

You may have noticed "http" at the start of a website address when browsing the internet. HTTP stands for "Hypertext Transfer Protocol"; HTTPS is the same phrase with an added S, which stands for "secure". HTTPS is the encrypted form of HTTP that keeps your credit or debit card data and passwords secure every time you enter them on a website. On a regular HTTP website, that data can be intercepted, spied on and even altered by anyone between you and the site's server. This could be someone on the same shared Wi-Fi network as you (such as in a coffee shop), someone at your internet service provider, or a government organisation such as the NSA, which has garnered a lot of media attention in the US for topics just like this.

Why should I invest in HTTPS?

HTTPS builds trust with your users, and it protects more than just confidentiality. HTTPS offers authentication, verification and what website administrators call "integrity". For a website to register in a browser as HTTPS encrypted (marked with a padlock in the browser's address bar), it needs to authenticate itself to prove that it's the site it says it is. To do that, the website's administrator asks a "certificate authority" organisation such as Comodo or Symantec to issue the site a certificate, a cryptographically signed credential that can't be forged. A certificate means that when your browser says you're at https://www.cosmic.org.uk, you really are sharing your data with a Cosmic server and no-one else.

"I've implemented an SSL certificate but I still don't have the green padlock!"

This regularly happens when an SSL certificate is added to an existing website that didn't previously use HTTPS. Some links get left behind as http, such as images that haven't had their paths changed. The browser will spot this (whereas most users wouldn't) and flag the site as not fully SSL-enabled. Sure, you could go through every page on your website and check all of your content, but this can be a time-consuming process. Thankfully, there is a handy website called WhyNoPadlock.com.

When you enter your website URL into its search bar, the tool trawls your website for anything that may be causing hiccups with HTTPS: this goes for broken links, old http links that haven't been changed over and plenty more. It shows you which page each problem is on and what in particular is wrong with it, so you can go into your website and remedy the problem much quicker than by checking manually.
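To show what such a check looks for, here is a small scanner added as an example (it is not WhyNoPadlock's code, and the names and sample page are made up for illustration). It finds resources that a page would still load over plain http, split into "active" (scripts, frames, stylesheets) and "passive" (images, media). Ordinary `<a href>` links are ignored, since clicking through to an http page does not load anything into the current one.

```python
from html.parser import HTMLParser

# Tag/attribute pairs a browser fetches automatically while rendering a page.
# Plain <a href> links are navigations, not subresources, so they are not listed.
KINDS = {
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("link", "href"): "active",  # stylesheets only, see below
    ("img", "src"): "passive", ("audio", "src"): "passive",
    ("video", "src"): "passive", ("source", "src"): "passive",
}


class MixedContentScanner(HTMLParser):
    """Collect subresources that an HTTPS page would request over plain HTTP."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # <link> only fetches for stylesheets; rel="canonical" and similar do not.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for name, value in attrs.items():
            kind = KINDS.get((tag, name))
            url = (value or "").strip()
            # https://, relative and protocol-relative URLs are not flagged
            if kind and url.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], kind, tag, url))


def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page, as if served from https://example.test/
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.test/site.css">
<link rel="canonical" href="http://example.test/">
</head><body>
<img src="http://example.test/logo.png">
<a href="http://example.test/about">About</a>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print("line %d: %s mixed content in <%s>: %s" % finding)
```

It only reads the HTML it is given, so http URLs referenced from inside CSS files or added by JavaScript still need a browser's developer console or a crawler to find.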