The pressure to have secure websites is building. Since last October, people who access insecure sites with Google Chrome have been seeing warnings that they're sending information insecurely. This applies to any HTTP pages where users can submit forms, as well as all HTTP pages in Incognito mode.
A secure (HTTPS) website provides end-to-end encryption of all data, including form data. People can enter passwords, credit card numbers, and other confidential information without exposing them to interception. With the widespread use of public Wi-Fi, keeping data secure is more important than ever. Most shopping malls and libraries provide unsecured Wi-Fi access. Anyone nearby can intercept whatever people send and receive. HTTPS pages, which use the encryption scheme called SSL or TLS, take away this risk. They’re safe even over unsecured Wi-Fi.
Most people are unaware of the risk, but now they’ll see warnings whenever they view a form that isn’t secure. Even if they don’t understand the issue, they’ll be nervous about using a form where they see a warning. Chrome has the biggest market share of any browser, and user nervousness will translate into lost business. Other browsers are also starting to issue warnings. Forms or sites not using HTTPS will mean lost revenue.
In the future, Chrome may mark all HTTP pages as not secure. Even a page which doesn’t contain a form is at risk, since a “man in the middle” attack could alter a page in transit, inserting ads or changing links. If you’re going to upgrade your site, you might as well upgrade all its pages.
We are receiving more and more questions about how to solve this in NetSuite’s SuiteCommerce platforms, whether Site Builder or SCA.
Fortunately, it’s easier than ever to use secure HTTPS with SuiteCommerce Advanced. At NetSuite’s Help Center you can find instructions on how to purchase an SSL certificate. Pay special attention to the certificate types and features that are NOT SUPPORTED:
- Wildcard certificates
- Self-signed certificates
- ECC (Elliptic Curve Cryptography) SSL certificates
- Subject Alternative Name (SAN) fields on an SSL certificate (that is, adding multiple domain names to a single certificate). Only the Subject Name on a certificate is considered. In cases where SANs are specified on a certificate (using a subjectAltName field), they are ignored.
“You can select an SSL certificate from the vendor of your choice, but it must meet the following restrictions and recommendations:
- All SSL certificates you plan to use with NetSuite require:
  - a 2048 bit RSA private key that uses the PKCS#1 RSA Cryptography Standard. (The PKCS#8 Private-Key Information Syntax Standard is not supported.)
  - must be Apache-compatible and PEM-encoded.”
NetSuite Help Center
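The private-key rules quoted above (PEM-encoded, PKCS#1 container, 2048-bit RSA, no ECC) can be checked before a key is uploaded. The following is an added example, not NetSuite's or the original author's code: it reads the PEM label and the modulus length from the PKCS#1 DER structure using only the Python standard library. The function names and the `sample_pem` helper are assumptions made for illustration, and the sample keys it builds are constructed placeholders, not usable keys. Certificate-level restrictions (wildcard, self-signed, SAN) are not covered.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return tag, pos, pos + length

def check_private_key(pem_text):
    """Return a list of problems; an empty list means the key fits the quoted rules."""
    match = PEM_RE.search(pem_text)
    if not match:
        return ["not PEM-encoded"]
    label, body = match.groups()
    if label == "EC PRIVATE KEY":
        return ["ECC key: not supported"]
    if label in ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY"):
        return ["PKCS#8 container: not supported, PKCS#1 is required"]
    if label != "RSA PRIVATE KEY":
        return ["unexpected PEM label: " + label]
    if "Proc-Type:" in body:  # passphrase-protected traditional PEM
        return ["encrypted key: cannot inspect the modulus"]
    try:
        der_bytes = base64.b64decode("".join(body.split()))
        tag, start, _ = read_tlv(der_bytes, 0)                    # outer SEQUENCE
        _, _, version_end = read_tlv(der_bytes, start)            # version INTEGER
        _, mod_start, mod_end = read_tlv(der_bytes, version_end)  # modulus INTEGER
    except (ValueError, IndexError):
        return ["RSA PRIVATE KEY body is not valid DER"]
    if tag != 0x30:
        return ["RSA PRIVATE KEY body is not valid DER"]
    bits = int.from_bytes(der_bytes[mod_start:mod_end], "big").bit_length()
    return [] if bits == 2048 else [f"RSA modulus is {bits} bits, 2048 required"]

def der(tag, value):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_pem(label, bits):
    """Constructed input: PKCS#1-shaped DER with a dummy modulus, not a usable key."""
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    body = base64.encodebytes(der(0x30, der(0x02, b"\x00") + der(0x02, modulus)))
    return f"-----BEGIN {label}-----\n{body.decode()}-----END {label}-----\n"
```

To check a real key, pass the contents of the key file to `check_private_key`; the check only reads the file and never needs to leave the machine that holds the key.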
For Site Builder, work is under way and the solution will be available soon.