Google Chrome Announces Important Security Updates Required by July 2018

The date is fast approaching for Google’s deadline to encrypt your site. This will include acquiring an SSL Certificate and moving to HTTPS. If these steps are not taken, it could impact your customers, your SEO rankings and ultimately, your reputation.

Maintaining the security and compliance of your site is a top priority for our team. If you require any assistance, our dedicated Magento engineers are available 24/7 to offer support and guidance. Please take a few minutes to learn more about these requirements below and feel free to reach out to us if you have any questions.  

Security Requirements

If your site is not fully compliant with these requirements, you have until July 2018 to make the necessary modifications. Not sure if your site will be impacted or how to become compliant?  Here is a step-by-step guide to verify and update your site’s security protocols.

SSL Certificates

If you do not currently have an SSL Certificate, you will need to purchase one as a first step in gaining security compliance. We provide free SSL Certificates and installation to all our Magento Clients.

If you do have an SSL Certificate but your site is using a SSL/TLS Certificate from Symantec that was issued before June 1, 2016, it will stop functioning as a secure site in Chrome 70 this coming July. This could already be impacting your customers.

Symantec SSLs that were issued before June 1, 2016, utilized an older Secure Hash Algorithm (SHA-128) which came equipped with a renewal date that extended past Google’s preferred expiration timeframe. To be compatible with the release of Google Chrome 70, requirements for SSL Certificates will need to be updated to the newest version (SHA-265). You will want to replace your certificate as soon as possible before the Chrome 70 release. If the certificates are not replaced, users will begin seeing certificate errors on your site. If you are unsure if you have the latest version of SSL certification, continue reading to learn how you can verify your compliance.   

Testing Your Site For Compliance

To gain HTTPS full encryption compliance, your first step is to ensure your SSL Certificate is up to date. You can test the security of your site and your SSL status by going to Qualys SSL Labs. The desired outcome is to receive an “A” in all 4 sections. The sections include Certificate, Protocol Support, Key Exchange, and Cipher Strength. Receiving a passing score in all four sections means that your SSL Certificate will function securely under the Chrome 70 release. This will also be important for gaining and maintaining PCI Compliance. Our servers are configured to be fully secured and HTTPS encrypted out of the box.

How to Gain SSL Certificates and HTTPS Compliance

As a fully managed service provider, eBoundHost – JetRails can assist you in purchasing and installing your SSL Certificate. We can also help you manage your encryption configurations through our technology stack. However, your development team will need to ensure all required coding is ready for HTTPS.

Additional Resources:

https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html

https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

Artur June 27, 2018