You might notice if you browse this blog now, that it’s served over HTTPS. I’ve even added an Apache configuration to redirect plain HTTP requests to secure HTTPS and I’ve spent the last few days checking the pages for URLs including non-secure content and rewriting them to use HTTPS where possible, or otherwise removing them. You’ll also notice in the left-hand corner of the browser’s address bar, there’s a (hopefully familiar) little green lock which indicates:
- your communication with the site is encrypted well
- the authenticity of the site is verified by a trusted authority
Of those, the latter usually involves paying a trusted certificate authority a lot of money to verify and sign your site’s certificate so that browsers will mark it trusted. Security is important but this high cost often creates a barrier for small companies wanting to use https. Continue reading