The dangers of HTTPS

That green lock in the browser is harder & harder to keep!

So many ways to do HTTPS wrong, only a few to get it right.

We all agree we need HTTPS on as many websites as possible.

You can get free SSL/TLS certificates from Let's Encrypt. They offer an API to request & renew your certificates automatically. Surely HTTPS is a "solved problem" now?

Expiring SSL Certificates

Even with all the automation around certificates, thousands of sites have an expired certificate on a daily basis. To the user, it means the site is inaccessible and they find a competitor to shop at.

Even automation still needs to perform validation before a new certificate can be issued, and that can fail. Maybe the HTTP call to the website failed. Maybe the DNS record isn't published anymore. Your users probably don't care; they want a working website. Don't let certificates expire. Make sure they are monitored.

Invalid Certificate Chains

Certificates are part of a chain of trust that leads all the way up to a pre-trusted certificate on your computer. If that chain is broken or invalid, a user sees a certificate warning for your site.

What works on your computer might not work on someone else's. They might have different root certificates, or handle intermediate certificates differently. Whatever the cause, a user can see an error page where your browser shows a green padlock. You might not even know. Unless, of course, we monitor it for you.

Old devices, deprecated ciphers

There are hundreds of old Android models still around, used by millions, that do not support a modern TLS cipher stack. Or that are missing root certificates.

Old Java implementations only support SSL, no TLS. Or have no support for SNI. Chances are, you're on a modern device and you care about HTTPS, or you wouldn't be here. Oh Dear! can alert you to potentially dangerous or problematic configurations with your TLS ciphers, so you know beforehand the potential impact a choice of ciphers has.

Mixed Content, no JavaScript or images

Even the best server-side HTTPS configuration is pointless if the frontend includes JavaScript or images from insecure endpoints.

You've spent hours monitoring every aspect of your server, but a rogue deploy can suddenly mess up the user's experience when crucial JavaScript or images on the site get blocked, taking crucial functionality with them.

Oh Dear! can monitor for mixed content on a site's pages, together with all server-side checks. It's a collaboration between Dev & Ops to make HTTPS a success. We're here to help make that a reality.
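A mixed-content check of the kind described above can be run against rendered HTML after every deploy. The following is an added example, not Oh Dear!'s own code; the function name `find_mixed_content`, the class name and the `*.example` hosts are assumptions made for illustration. It resolves every subresource URL against the page URL, so relative and protocol-relative URLs are not flagged, and it ignores plain links such as `<a href>` and `<link rel="canonical">`, which never load anything.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Active content (scripts, frames, objects): browsers refuse to load it over HTTP.
# Passive content (images, media): handling varies (warn, upgrade to HTTPS, or block).
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}


class MixedContentScanner(HTMLParser):  # hypothetical helper for this example
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        candidates = []
        # <link> only fetches a subresource when it is a stylesheet.
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split():
            candidates.append(("active", attrs.get("href")))
        for kind, pairs in (("active", ACTIVE), ("passive", PASSIVE)):
            candidates.extend((kind, attrs.get(a)) for t, a in pairs if t == tag)
        for kind, value in candidates:
            if not value:
                continue
            absolute = urljoin(self.page_url, value.strip())
            if urlparse(absolute).scheme == "http":
                self.findings.append((kind, tag, absolute))


def find_mixed_content(page_url, html):
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only exists on pages served over HTTPS
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.findings


# Constructed sample page, not taken from a real site.
SAMPLE_HTML = """
<link rel="canonical" href="http://shop.example/">
<link rel="stylesheet" href="http://cdn.example/site.css">
<script src="//cdn.example/app.js"></script>
<script src="http://cdn.example/checkout.js"></script>
<a href="http://partner.example/">partner</a>
<img src="/img/logo.png">
<img src="http://img.example/banner.jpg">
"""
```

Treat any `active` finding as a failed deploy, since that script or stylesheet will not run for users; this static scan does not see resources injected by JavaScript at runtime.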

We've got plenty more features to convince you of our added value!