Skip to main content
HTTPS Banner

MoreThanSAP now with HTTPS flavor

Mike Security

If you visited the blog recently you probably realized that the protocol is HTTPS instead HTTP. Even if you access through https://morethansap.com you will be redirected to https://morethansap.com. After working during all this years with Web Dispatchers, Web Servers, ICM on SAP Applictation Servers, etc. it just felt right to start using a SSL certificate in order to authenticate the domain and use secure navigation via HTTPS.

If I’m honest, the number of visit I receive each month are insignificant compared with similar SAP blogs on the Internet but I wanted to contribute doing the Internet a little bit more secure. Each day more and more web pages are using HTTPS protocol with SSL certificates and I think it is just a matter of time until it become a standard through the whole Internet. Maybe in the future we won’t consider to access a web page that is no using HTTPS protocol.

The cost of the SSL certificate is really low, I paid about 9$ for a 3 year Comodo certificate in  SSL Shop. Depending on your needs you can buy certificates with different characteristics. In this case and since I don’t have an online shop or important content I decided to use the cheapest one. Then I had to pay to my hosting company for installing the certificate which was about 60$. A really high price considering the effort needed to install an SSL certificate and change the redirect from HTTP to HTTPS…

To SHA-1 or to SHA-256, that is the question

My idea was to use a SHA-256 SSL certificate so it will be correctly  authenticated in the future via web browser. Currently no Certificate Authority (CA) is allowed to issue SHA-1 certificates. This is because newer versions of web browsers required a SHA-256 certificate in order to show as secure a web page via HTTPS. If you have an older SHA-1 certificate and you check with newer versions of Google Chrome for example you will see a warning on the web browser. In the future this web page will be shown as non-secure when accessing via HTTPS so you better start changing your SSL certificates to SHA-256.

After implementing the certificate I did a few test to check if it is strong enough and valid for the following years. For the first test I used SSL Labs which shows a A- Rating:

SSL Labs Rating for morethansap.com
SSL Labs Rating for morethansap.com

Next test was done using SHAAAAAAAAAAAAA. SHAAAAAAAAAAAAA is an open source project that check if the SSL certificate or the certificate chain is using SHA-1 algorithm. In this case the result of the test was good:

After this I checked with several web browsers and I found that I had a warning when I accessed to the administration dashboard in WordPress. I changed a couple of parameters on the settings and checked again using Chrome:

Google Chrome HTTPS verification
Google Chrome HTTPS verification

Finally and since some content can be linked from my web to a non-HTTPS web I ran a test using Why No Padlock? on several articles I wrote just to see if I added any non-HTTPS content:

Why No Padlock result for morethansap.com
Why No Padlock result for morethansap.com

The whole blog runs in HTTPS protocol so it should be no problem with the new certificate and any web browser. Anyway if you find a problem related to the HTTPS access just let me know and I will check it ASAP. Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.