In July Google Chrome Browers began indicating that web pages that are not served up via HTTPS are not secure.  Prior to July, you had a little info icon in the URL/Search box that you could click on to get more information:

Now the not secure is spelled out:

And in October it will be in red:

Other browsers such as Firefox also indicate a site is not secure:

This is definitely not something you want to be displayed on your website if you hope to have shoppers place an order!  Many would be leary of that warning and instead, leave your site.

Why is this now an issue, hasn’t my shopping cart always been secure?

For those using ShopSite and other shopping carts, when shoppers enter payment information those forms taking credit cards are on a secure page.  Likewise, when you log in to your merchant interface and view orders it is also done securely.  But “normal” product and home pages that just display content have typically not been secure (it is faster to serve up an HTTP page vs an HTTPS page.)  But now, Google wants all pages on the internet to be secure (e.g. transmit their content to your browser via encryption.)  Fortunately, for most merchants, making all their pages use HTTPS is fairly straightforward.

How to make your site use HTTPS

First, you need your own secure certificate for your domain.  If you don’t have one your host can help you obtain a certificate and install it for you.   They can even set up a “redirect” so that anyone that comes to your site via HTTP is redirected to HTTPS and never sees the warning on your homepage.   Once you have your certificate you should refer to all the pages and links on your site using HTTPS instead of HTTP.  In ShopSite this is easy to do.

With ShopSite 12 sp1 or greater go to Preferences > Hosting Services.   Go to the Store Settings section and check the box under “Make Store URL secure”

then click the Test URL button.  If “Success” is displayed, save the setting and you are good to go.  If you use ShopSite to publish your store or product pages the Publish button will now pop-up, click this and all links in your Shopsite generated store pages will now use HTTPS.

If you manage your store pages outside of ShopSite or place order buttons directly on non-ShopSite pages you will need to update those links to also use HTTPS instead of HTTP.

In the old days of the internet obtaining a secure certificate was expensive and serving up secure web pages was slow.  Nowadays certs are cheaper and in some cases even free!  Whereas serving secure web pages has gotten faster.  Some folks don’t like that Google is taking it upon themselves to force this change upon the web.  But regardless, they are doing it and if you want your shoppers to use your site you will need to have it fully secure.