browser What should I do if I prompt the "unsafe" warning?
Google Chrome browser vs. HTTP Express agreement Put forward the distrust policy. Since Chrome 56, the login interface uses HTTP protocol to directly paste the "unsafe" logo on the address bar. By the end of October 2017, the stable version of Chrome 62 will not support the expansion of http, stealth mode All http pages under are marked as "unsafe".
The age of big data has brought great convenience to people's lives. They can buy things they like without leaving home, which makes more and more people visit online shopping websites. Internet criminals are also constantly improving their technology in order to cheat consumers out of their money.
This is Cybercriminals Common trick: they will build a website very close to the shopping website, and then induce consumers to visit their fake website. Unless consumers carefully check the URL of the site, they will be vulnerable to phishing attacks.
In order to protect consumers' financial security, Google And other major mainstream browsers mark all unencrypted HTTP pages as "unsafe", and remind users not to enter any sensitive information (such as passwords or Card number information ), because an attacker may steal this information ", so as to help users identify" unsafe "websites and improve their security awareness.
How to solve the "unsafe" identification of websites
At present, the best solution to solve the "unsafe" logo of the website is to adapt to the trend of the times and security needs, and migrate the website to HTTPS as a whole.
Compared with the HTTP plaintext protocol, HTTPS has two major network security functions: encryption and authentication.
Encryption: HTTPS transmission protocol can encrypt the transmission data between the client and the server to prevent third-party theft, tampering, snooping and other intermediary attacks.
Authentication : Client users can authenticate the server through the SSL certificate behind HTTPS to identify the true and false websites and avoid falling into the trap of phishing websites.
Of course, this does not mean that the website where the SSL certificate is deployed must be secure. It just means that any information you enter on the website (card number information, login information, etc.) will not be intercepted by a third party. Because the domain name DV SSL certificate does not need to verify the real identity of the website, many phishing websites have also obtained SSL certificates to eliminate the warning of "unsafe" browsers.
If it is an enterprise OV SSL certificate, click the padlock icon to view the company name and other information. If it is an enhanced EV SSL certificate, the company name can be directly displayed in the address bar, which can effectively prevent attacks by phishing websites, and help improve the corporate image and increase user security.
However, if the SSL certificate is not deployed, the browser prompts an "unsafe" warning to give users a good warning, because unencrypted e-commerce websites pose a wide range of risks to consumers. Even if it is not a phishing website, the unencrypted website has no ability to protect users' data, which will lead to the loss of users.
How does the website switch from http to https?
1. Request SSL Certificate
To implement https encryption, websites need to first apply for SSL certificates. Before applying for SSL certificates, CSR files need to be created Online generation tool of Wotong official website generates CSR files , and properly save the generated CSR and Key files, and then provide the CSR to the SSL certificate provider to apply for an SSL certificate.
Submit the CSR to CA, and the CA organization can issue the certificate only after it passes the review. For DV SSL certificates, only the domain name management authority needs to be verified, and generally it can be issued within 10-30 minutes. OV SSL certificates and EV SSL certificates need to verify the domain name management authority, in addition to the real identity of the website, to prove that the applicant is a real legal entity, CA organization can issue the certificate only after manual verification, which generally takes 3-5 working days.
2. Installation Certificate
After receiving the SSL certificate issued by the CA, you can deploy the certificate to the server. You can consult the customer service of Wotong to provide you with technical support
3. Modify site link
After the SSL certificate is successfully installed, your server will support https. At this time, all links on the website should be modified to https.
4. Make 301 turn in the whole station
After the rectification of website links 301 jump in the whole station In this way, the search engine can capture new links faster and better to replace the old links, and restore the weight and ranking of new links faster.
5. Submit to Baidu webmaster platform for HTTPS verification
You can use the https authentication function provided by Baidu's search resource platform for authentication, so that Baidu can better capture and display our https pages.
Wotong SSL certificate is issued by the global trust top root, supports all browsers and mobile terminals, and can provide HTTPS encryption for various Internet applications such as Web sites, iOS/Android APP, and applets.
Wotong CA It is an authoritative CA organization that has obtained the Electronic Authentication Service License issued by the Ministry of Industry and Information Technology digital certificate The industry has more than ten years of industry accumulation, and has an industry leading level in terms of institutional qualifications, technical strength and service capabilities. It is your trusted SSL certificate service provider.
