Google’s previous security warning designs had limited success in preventing users from visiting sites that have a non-private connection. For that reason, Google improved its SSL/TLS warning displays in February 2015, making them simple, non-technical, brief and specific to better protect users of Chrome.
Taking a First Look at Google’s New Warning Design
Visitors to your websites using Google Chrome may encounter the latest SSL/TLS display warnings, informing them of the potential dangers on a site with a non-private connection.
This new display warning design is proven to make up to 62% of users click away.
What Causes These Warnings?
At the recent DigiCert Security Summit 2015, an annual convention with presentations in different cyber security areas, it was mentioned that:
- 1.5% of certificate errors are due to almost but not quite correct certificate names
For example, an SSL certificate for example.com was installed on a server with foo.example.com or www.example.com for a request to example.com.
Other reasons for warning displays include:
- Expired certificates that are currently installed on servers
Because the lifecycle of an SSL certificate lasts between 1 and 3 years, depending on the type of certificate, website owners and administrators typically do not pay particular attention to the expiry date of certificates. As a result, such negligence can cause Google’s warning to appear on the visitor’s end without website owners realizing it.
Implications of a Misconfigured or Expired SSL Certificate
If your website has an SSL certificate installed that is not configured correctly, Google is likely to penalize your website by displaying its new warning to your visitors. Your website could potentially lose up to 62% of its traffic, a fraction of which could have converted into real customers.
To understand the implications in numbers, let’s illustrate with a few simple calculations:
Assume the average monthly traffic you receive, based on historical data, is 1,000.
62% of monthly traffic, or 620 visitors, bounce off the site because of misconfigured SSL.
Based on lower-end e-commerce standards at a conversion rate of 1%, you lose 6.2 real customers/users on average.
Now, if this is an e-commerce site with an average order value of $1,000, you may be looking at a loss of approximately $6,000 in revenue.
What Can You Do
Right After Installing an SSL Certificate
You should use an SSL installation checker to test whether the certificate is installed correctly on the correct server. By doing so, you eliminate the risk of unnecessary misconfigurations, thus preventing Google’s security warning from appearing.
Inspecting SSL Certificate Quarterly or Half-Yearly with Certificate Inspector
As a website owner or administrator with an SSL certificate installed, you should make it a habit to monitor your certificate two or three times a year. This can be done by using a Certificate Inspector. The purpose is (1) to remember the certificate expiry date and (2) to check for SSL/TLS vulnerabilities to fix throughout the year.
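One way to script the two checks described above (name coverage right after installation, and expiry at each periodic review), as an added example that is not part of the original article or of any checker tool it mentions. It assumes a certificate dictionary in the shape returned by Python's `ssl` `getpeercert()`; the function names, sample certificate, hostnames and 30-day warning window are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# names and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.shop.example.com")),
    "notAfter": "Mar 15 12:00:00 2016 GMT",
}

def san_dns_names(cert):
    """DNS names the certificate is valid for (subjectAltName only)."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or a '*' wildcard covering exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False               # a wildcard never spans several labels
    if p[0] == "*" and len(p) > 2:  # refuse over-broad patterns such as *.com
        return p[1:] == h[1:]
    return p == h

def days_left(cert, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (expiry - now).days

def audit(cert, hostnames, now, warn_days=30):
    """Return {hostname: problem} for every served name that needs attention."""
    findings = {}
    left = days_left(cert, now)
    for host in hostnames:
        if not any(name_matches(n, host) for n in san_dns_names(cert)):
            findings[host] = "name mismatch"
        elif left < 0:
            findings[host] = "expired"
        elif left <= warn_days:
            findings[host] = f"expires in {left} days"
    return findings

if __name__ == "__main__":
    now = datetime(2016, 3, 1, 12, 0, tzinfo=timezone.utc)  # fixed date for the sample
    for host, problem in audit(SAMPLE_CERT, ["example.com", "www.example.com"], now).items():
        print(host, "->", problem)
```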
Negligence can Affect Profitability
The use of SSL is gradually becoming an internet standard, and as a site owner, you may have a certificate installed on your servers. If you notice a drop in online sales and conversion, Google’s new display warning could be one factor worth examining.
About Ashlee Ang
Ashlee is a content writer at Cyber Secure Asia where she writes about introductory topics on cyber security and cyber-related happenings in Singapore & South East Asia.