An Important Update

Dear Followers Of This Blog ...

If you did not use a Blogger / Google account when you Followed this blog, years ago, you are probably not Following now . During the past...

Friday, October 09, 2015

SSL Access Is Not A Reality, For All Blogs

Some blog owners are not going to be able to provide SSL access to their blogs - even with SSL enabled.

Blog owners who prefer to use the "www" alias of "blogspot.com" - and who have chosen to enable SSL access for their blogs - report "Invalid Certificate" errors, when trying to access. And other blog owners report problems, when they have photos, hosted by Google and Picasa, using "http:".

Blog owners, who require HTTPS / SSL connectivity for their blogs, need to be patient. Impatience causes various inconveniences.

Deceptive site warnings.

Clever workarounds, to provide custom domains using SSL, are not worth the effort.


Blogs using CloudFlare will be classified as "Deceptive" sites.



Invalid certificate warnings.

An invalid certificate warning, when SSL access is attempted, is pretty scary.



Nobody can access this blog - without some extra clicks, and cautions.



Mixed content warnings.

And some blogs, which do permit easy SSL access, generate "mixed content" errors.



Most people can access this blog - but how many will want to do so?



Both the invalid certificate ("ERR_CERT-COMMON_NAME_INVALID") and the mixed content ("... it contains unencrypted elements (such as images) ...") represent blogs that won't be able to provide SSL access - and provide readers an enjoyable experience.

A blog with an invalid certificate, with SSL access attempted, won't easily provide a connection. The browser, that the would be reader is using, is not going to connect to a website with an invalid certificate, without the reader being properly cautioned.



The link to the blog is there - so you can get there, if you wish. How many would be readers will, happily, "Proceed to www.whatever.blogspot.com (unsafe)"?



And, how many would be readers will enjoy accessing a blog that contains unencrypted elements (such as images). Maybe there are no unencrypted image exploits, in the wild, right now - but how many people who care to use SSL will know that, for a fact?

SSL is available, for blogs which can provide it - but not all blogs, which can provide it, may be suitable to provide it.


Dude, hit me with a comment!

ᒎᕠᒚᗋᒪᕢ ᙢᗗᒘᕢᒹᗅ said...

Ok. But is there anything else to do except being patient and waiting for Google to do something? Because not all bloggers know that they have to dive in to their code and fix issues occured from this change... And many of my readers are in a panic and i still have no answer for them...
By the way, greetings from Greece! ;)
Eva

Chuck Croll said...

Hi ᒎᕠᒚᗋᒪᕢ,

Thanks for the question!

In reality, there's not a lot that you can do. I suspect that Blogger is doing something, constantly. What they are doing simply involves re writing the entire Blogger infrastructure (I would bet every section of code contains some reference to "HTTP:") somewhere), while we continue to use it.

You really can't do much, except maybe alert your readers what "Mixed Content" is and why they will see the warnings. Then dive in to your code, as you have time - and fix it, one bit at a time.

That's my game plan, for this blog - when custom domain code is upgraded.

I will be writing a post, sometime soon, that I can put into a Featured Post, to replace my post about The Followers Gadget. And as soon as the custom domain SSL upgrade is rolled out, I will be making my SSL notice the Featured Post. You can do the same with your blog, when convenient.

So, greetings from California (too near Wyoming, and Yellowstone).

tttony said...

This ssl thing is a mess, problems with the images, problems with scripts, if I disable HTTPS redirect the user can access https [facepalm], we need a global option that disable the https, the only solutuion I see is to redirect https to http with javascript