The dangers of HTTPS
That green lock in the browser is harder & harder to keep!
So many ways to do HTTPS wrong, only a few to get it right.
We all agree we need HTTPS on as many websites as possible.
You can get free SSL/TLS certificates from Let's Encrypt. They offer an API to request & renew your certificates automatically. Surely, HTTPS is a "solved problem", now?
Expiring SSL Certificates
Even with all the automation around certificates, thousands of sites have an expired certificate on a daily basis. To the user, it means the site is inaccessible and they find a competitor to shop at.
Even automation still needs to perform validation before a new certificate can be issued, and that can fail. Maybe the HTTP call to the website failed. Maybe the DNS record isn't published anymore. Your users probably don't care, they want a working website. Don't let certificates expire, make sure they are monitored.
Invalid Certificate Chains
Certificates are made up of Chain of Trusts, that lead all the way up to a pre-trusted certificate on your computer. If that chain is broken or invalid, a user sees a certificate warning for your site.
What works on your computer, might not work on someone else's. They might have different root certificates. Or different handling of intermediate certificates. Whatever it may be, a user can see an error page where your browser will show a green padlock. You might not even known. Unless, of course, we monitor it for you.
Old devices, deprecated ciphers
There are hundreds of old Android models still around, used by millions, that do not support a modern TLS cipher stack. Or that are missing root certificates.
Old JAVA implementations only support SSL, no TLS. Or have no support for SNI. Chances are, you're on a modern device and you care about HTTPS - or you wouldn't be here. Oh Dear! can alert you of potentially dangerous or problematic configurations with your TLS ciphers, so you know beforehand the potential impact a choice of ciphers has.
Oh Dear! can monitor for mixed content on a site's pages, together with all server-side checks. It's a collaboration between Dev & Ops to make HTTPS a success. We're here to help make that a reality.
We've got plenty more features to convince you of our added value!