Skip to main content

SSL Access Is Not A Reality, For All Blogs

Some blog owners are not going to be able to provide SSL access to their blogs - even with SSL enabled.

Blog owners who prefer to use the "www" alias of "blogspot.com" - and who have chosen to enable SSL access for their blogs - report "Invalid Certificate" errors, when trying to access. And other blog owners report problems, when they have photos, hosted by Google and Picasa, using "http:".

Blog owners, who require HTTPS / SSL connectivity for their blogs, need to be patient. Impatience causes various inconveniences.

This blog is not upgraded - and it must be read with the "Not secure" warning visible.


Blogs that link to this blog will display as "Mixed content" / "Not secure" - or the link to this blog will be broken.


"This site can’t be reached" ("404") warnings.

This may be a simple typo. Not a cause for panic. This is from Chrome - other browsers may report this, differently.


Until Blogger provides HTTPS for custom domain published blogs, this will be seen sometimes. Or it may involve any of dozens of legitimate custom domain publishing problems).

Don't panic - just stop using "https:" prefix, for custom domain published blogs - and diagnose the domain connectivity!

Deceptive site warnings.

Clever workarounds, to provide custom domains using SSL, are not worth the effort.

Blogs using CloudFlare may be classified as "Deceptive" sites.



Invalid certificate warnings.

An invalid certificate warning, when SSL access is attempted, is pretty scary.

Nobody can access this blog - without some extra clicks, and cautions.



Mixed content warnings.

And some blogs, which do permit easy SSL access, generate "mixed content" errors.

Most people can access this blog - but how many will want to do so?



Both the invalid certificate ("ERR_CERT-COMMON_NAME_INVALID") and the mixed content ("... it contains unencrypted elements (such as images) ...") represent blogs that won't be able to provide SSL access - and provide readers an enjoyable experience.

A blog with an invalid certificate, with SSL access attempted, won't easily provide a connection. The browser, that the would be reader is using, is not going to connect to a website with an invalid certificate, without the reader being properly cautioned.

The link to the blog is there - so you can get there, if you wish. How many would be readers will, happily, "Proceed to www.whatever.blogspot.com (unsafe)"?



And, how many would be readers will enjoy accessing a blog that contains unencrypted elements (such as images). Maybe there are no unencrypted image exploits, in the wild, right now - but how many people who care to use SSL will know that, for a fact?

SSL is available, for blogs which can provide it - but not all blogs, which can provide it, may be suitable to provide it.


Comments

Anonymous said…
Ok. But is there anything else to do except being patient and waiting for Google to do something? Because not all bloggers know that they have to dive in to their code and fix issues occured from this change... And many of my readers are in a panic and i still have no answer for them...
By the way, greetings from Greece! ;)
Eva
Nitecruzr said…
Hi ᒎᕠᒚᗋᒪᕢ,

Thanks for the question!

In reality, there's not a lot that you can do. I suspect that Blogger is doing something, constantly. What they are doing simply involves re writing the entire Blogger infrastructure (I would bet every section of code contains some reference to "HTTP:") somewhere), while we continue to use it.

You really can't do much, except maybe alert your readers what "Mixed Content" is and why they will see the warnings. Then dive in to your code, as you have time - and fix it, one bit at a time.

That's my game plan, for this blog - when custom domain code is upgraded.

I will be writing a post, sometime soon, that I can put into a Featured Post, to replace my post about The Followers Gadget. And as soon as the custom domain SSL upgrade is rolled out, I will be making my SSL notice the Featured Post. You can do the same with your blog, when convenient.

So, greetings from California (too near Wyoming, and Yellowstone).
tttony said…
This ssl thing is a mess, problems with the images, problems with scripts, if I disable HTTPS redirect the user can access https [facepalm], we need a global option that disable the https, the only solutuion I see is to redirect https to http with javascript

Popular posts from this blog

Adding A Link To Your Blog Post

Occasionally, you see a very odd, cryptic complaint I just added a link in my blog, but the link vanished! No, it wasn't your imagination.

Embedded Comments And Main Page View

The option to display comments, embedded below the post, was made a blog option relatively recently. This was a long requested feature - and many bloggers added it to their blogs, as soon as the option was presented to us. Some blog owners like this feature so much, that they request it to be visible when the blog is opened, in main page view. I would like all comments, and the comment form, to be shown underneath the relevant post, automatically, for everyone to read without clicking on the number of comments link. And this is not how embedded comments work.

What's The URL Of My Blog?

We see the plea for help, periodically I need the URL of my blog, so I can give it to my friends. Help! Who's buried in Grant's Tomb, after all? No Chuck, be polite. OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".