Google Chrome to Mark all HTTP sites as ‘Not Secure’ Starting in July 2018
Beginning in July 2018 with the release of Google Chrome 68, Chrome will begin flagging sites as not secure if they don’t use an SSL certificate on all pages. Currently, DoJiggy fundraising websites use an SSL certificate (which renders HTTPS pages) only on website pages where customer data is received. These are the registration, sponsorship, volunteer, and products pages as well as the entire shopping cart.
We will be making a change to our platform before the end of the month to comply with this new Google security standard. All DoJiggy website pages will be secured with an SSL certificate and render only Secure HTTPS pages.
What is an SSL Certificate?
A SSL (secure sockets layer) certificate insures a secure connection is established between a website user and the server where the website data originates. It is signified in a website’s URL by the use of HTTPS (instead of just HTTP). Secure sessions use encryption methods to ensure that data can be more safely transferred.
If a website doesn’t provide an SSL certificate, an encrypted connection isn’t established. In fact, data sent using HTTPS is secured via three layers of protection:
- Encryption: Encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can listen or see conversations, track activities or steal personal information.
- Data integrity: Data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication: Proves that users communicate with the intended website.
Sessions not secured with an SSL certificate will soon show a ‘not secure’ label by Chrome. Here is how the ‘not secure’ label will appear to constituents, per Google’s blog on the subject.
What does this change mean for my organization?
For clients that use a .dojiggy.com or .golfreg.com domain, no action is needed on your part. We’re on it! DoJiggy will make the change seamlessly for your organization. If a constituent enters http://yourwebsite.dojiggy.com in any browser, the user will be automatically redirected to the secure https://yourwebsite.dojiggy.com website page.
For clients using a private domain (ie http://mygolftournament.com), the change requires a unique SSL certificate be installed for your domain. Purchase a SSL certificate for your private domain.
We need to work with your organization before the July 1 deadline, to make the change seamlessly. Please contact tech support if you are unsure of your domain status. Action is required on your part to assist with this change.