Creating a Secure Connection to or to Any Other Secure Web Site

When I sent out a message announcing the new Plus Edition web site at several readers responded that they were receiving messages saying the web site connection was insecure. Please keep in mind that the security of the connection is under YOUR control. You can make a secure or an insecure connection as you wish. The secret is the letter “s”.

If you want a secure connection to any web site, make sure you specify that a secure connection is required by using an address that begins with “https”. The letter “s” in the beginning of the address is critical as it specifies a SECURE (or encrypted) connection.

For instance, the following will give you a secure connection:   (notice the letter “s” in “https”)

If you leave the letter “s” out of “https://” you will often be connected via an insecure (unencrypted) connection. However, that does vary a bit depending upon the software in use in the web server.

Your choice.

For more information, see any of the dozens of web sites that describe all this. For instance, see: What Is HTTPS & How To Enable Secure Connections Per Default at:

If you would like to specify https on ALL your connections, install the HTTPS Everywhere extension in your Firefox, Chrome, or Opera browser as documented at  (HTTPS Everywhere is free software.)


This is not entirely true. It will work if the site you are accessing is a secure site, but nothing you do will make a non-secure site, secure. My personal website is not secure as I collect no information and sell nothing, just share photos. If I go to my site and type the “s” I get a red message that warns me that the site isn’t secure. My web hosting service said there was no reason I needed the secure site for what I do.


    —> My web hosting service said there was no reason I needed the secure site for what I do.

    I had the same “problem.” I agree with you and I think almost all security experts will also agree: there is no need for a secure web site with an SSL certificate for the sites that do not collect any personal information, such as names, addresses, credit card information, or anything else that should be private. That includes and (When someone subscribes to the Plus edition, the new subscriber is taken to a DIFFERENT web site designed for the purpose that is fully secure with an SSL certificate and numerous other security enhancements and the subscriber’s credit card and other personal information is collected there.)

    The big problem is that when the various web browsers encounter a web site that does not have a security certificate installed, today’s web browsers pop up “warnings” that make many people believe they are about to enter a dangerous web site. In fact, if you read the “warning” closely and you know something about online security, you know that the “warning” is not problem. It is simply a status message of, “Oh by the way, this site doesn’t have a security certificate. You shouldn’t enter personal information while on this site. However, everything else is OK.”

    Tens of thousands of web sites do not collect personal information and therefore have no need for an SSL certificate and yet these pop-up “warnings” make it sound like each of these web sites has a security problem.

    The problem is that many people who are not familiar with the ins and outs of online security interpret the “warnings” as being a huge problem. The users often become scared and leave immediately.

    Since the various web browsers all added these misleading “warnings” in the past year or so, my email has been filling up with complaints from newsletter readers saying things such as, “I went to your web site but it says it is insecure. I left immediately as I am afraid of being hacked.”

    I explained the facts over and over in email but the reports kept coming and kept growing in number. Eventually, I gave up. The old Plus Edition web site had several other problems with aging web server software that required major updates to resolve. Upgrading things one at a time looked like a Herculean task to upgrade everything.

    Instead, I decided the simpler approach was to simply create a new web site with all the latest software in place and even to install an (unnecessary) security certificate to reduce the many reports I received, even though the certificate technically wasn’t needed. I paid a lot of money for a top-of-the-line, multi-purpose Comodo Extended Validation (EV) TLS/SSL Certificate. (The price included installation on the web servers by someone who is far more familiar with installing certificates than I am.)

    Was it money wasted? Well, it should stop the many reports of “false errors” from newsletter readers so I think it should make my life simpler.

    Do you need an SSL certificate for your web site? I can only say, “Your mileage may vary.”


Leave a Reply

Name and email address are required. Your email address will not be published.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <s> <strike> <strong> 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: