Impact of Google Chrome update on University websites
The October update of the Google Chrome web browser introduces a change in settings which will affect some University websites and users.
Release 62 of the browser, scheduled for deployment on 17 October 2017, requires that websites which contain data input fields (such as a website search function) be served securely (over HTTPS).
Web pages served over the standard protocol (HTTP) will display a ‘not secure’ notice in the browser bar when a user inputs data into an open field. Web pages will also be marked as ‘not secure’ for users in the ‘incognito’ privacy mode.
This may concern some users, but it is important to note that, in most cases, it will not prevent users from continuing to use a website. However, where personal data, login information or credit card details are being captured, a secure protocol should be used.
There will be a transition period before the latest version of the Google Chrome browser is widely used, typically three to six weeks after release. Information Services is aware of the issue and will move centrally-hosted websites to HTTPS.
Advice for website managers and editors:
The University Website (www.ed.ac.uk)
A project is in progress to ensure that all content on the University Website and EdWeb will be served over secure protocol. This work is on target to be completed in mid-October, in advance of Chrome 62’s release.
If any actions are required, publishers will receive an update from the University Website Programme team detailing them.
Websites on the ISG Hosting Service (‘CHost’)
All new websites created on the Hosting Service will be issued with an SSL Certificate by default. SSL Certificates are also being rolled out across existing accounts. This is likely to take a number of weeks due to the high volume of websites on the service.
The Hosting Service online directory can be used to check the status of a website. To do this, use the search function to locate the website and check the ‘SSL Status’ section on the bottom left of the website detail page. If an SSL certificate is in place, web traffic will need to be forced to HTTPS. Instructions on how to do this are available on the Web Hosting Support Wiki.
If you require a certificate urgently, please submit a request via the IS Helpline.
Local or externally hosted websites
Websites which are hosted locally or by an external supplier should have their HTTPS status checked, and appropriate action taken, by the person accountable for their operation.
If an SSL Certificate is required, please submit requests through the University’s Certificate Authority website. Where possible, please combine requests for multiple domains into a single certificate request using Subject Alternative Names, to reduce the number of certificates to be requested and managed. Guidance on how to generate a Certificate Signing Request can be found on the Wiki. Due to an anticipated increase in demand, the team ask that requests are staged over time.
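One way to build a single request covering several hostnames is sketched here as an added example; it is not taken from the University's Wiki guidance. It assumes OpenSSL 1.1.1 or later (for `-addext`); the hostnames, the 2048-bit RSA key and the helper names `make_san_csr` and `csr_sans` are constructed for illustration, and the Certificate Authority may require other subject fields or key parameters.

```shell
#!/bin/sh
# Added example: one CSR for several hostnames via Subject Alternative Names.
# Assumes OpenSSL >= 1.1.1; hostnames and key size below are illustrative.

# make_san_csr OUTDIR PRIMARY [ALT...]
# Writes OUTDIR/PRIMARY.key (private key, never leaves the server) and
# OUTDIR/PRIMARY.csr (the request that is submitted to the CA).
make_san_csr() {
    outdir=$1
    primary=$2
    shift 2
    # The primary name must be repeated in the SAN list: browsers match
    # hostnames against the SAN entries, not the Common Name.
    san="DNS:$primary"
    for name in "$@"; do
        san="$san,DNS:$name"
    done
    (
        umask 077   # key file readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$outdir/$primary.key" \
            -out "$outdir/$primary.csr" \
            -subj "/CN=$primary" \
            -addext "subjectAltName=$san"
    )
}

# csr_sans CSRFILE
# Prints the DNS names carried in the request, one per line, so the list
# can be checked before the request is submitted.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *DNS://'
}

# Usage (constructed hostnames):
#   make_san_csr . www.example.org blog.example.org shop.example.org
#   csr_sans ./www.example.org.csr
```

Only the `.csr` file is submitted; the `.key` file stays on the server that will present the certificate.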
For further information or help, please contact the IS Helpline:
(Ed. This article was originally published on 22 Sep, 2017)