If you visited the blog recently you probably noticed that the protocol is HTTPS instead of HTTP. Even if you access it through http://morethansap.com you will be redirected to https://morethansap.com. After working all these years with Web Dispatchers, Web Servers, ICM on SAP Application Servers, etc., it just felt right to start using an SSL certificate in order to authenticate the domain and use secure navigation via HTTPS.
If I’m honest, the number of visits I receive each month is insignificant compared with similar SAP blogs on the Internet, but I wanted to contribute to making the Internet a little bit more secure. Each day more and more web pages are using the HTTPS protocol with SSL certificates, and I think it is just a matter of time until it becomes a standard across the whole Internet. Maybe in the future we won’t consider accessing a web page that is not using the HTTPS protocol.
The cost of the SSL certificate is really low: I paid about 9$ for a 3-year Comodo certificate in SSL Shop. Depending on your needs you can buy certificates with different characteristics. In this case, since I don’t have an online shop or important content, I decided to use the cheapest one. Then I had to pay my hosting company for installing the certificate, which was about 60$. A really high price considering the effort needed to install an SSL certificate and change the redirect from HTTP to HTTPS…
To SHA-1 or to SHA-256, that is the question
My idea was to use a SHA-256 SSL certificate so that web browsers will authenticate it correctly in the future. Currently no Certificate Authority (CA) is allowed to issue SHA-1 certificates. This is because newer versions of web browsers require a SHA-256 certificate in order to show a web page as secure via HTTPS. If you have an older SHA-1 certificate and you check it with newer versions of Google Chrome, for example, you will see a warning in the web browser. In the future such a web page will be shown as non-secure when accessed via HTTPS, so you had better start changing your SSL certificates to SHA-256.
After implementing the certificate I did a few tests to check whether it is strong enough and valid for the following years. For the first test I used SSL Labs, which shows an A- rating.
The next test was done using SHAAAAAAAAAAAAA. SHAAAAAAAAAAAAA is an open source project that checks whether the SSL certificate or the certificate chain is using the SHA-1 algorithm. In this case the result of the test was good.
After this I checked with several web browsers and found that I had a warning when I accessed the administration dashboard in WordPress. I changed a couple of parameters in the settings and checked again using Chrome.
Finally, since some content can be linked from my site to a non-HTTPS site, I ran a test using Why No Padlock? on several articles I wrote, just to see if I added any non-HTTPS content.
The whole blog runs over HTTPS, so there should be no problem with the new certificate in any web browser. Anyway, if you find a problem related to HTTPS access, just let me know and I will check it ASAP. Thank you!