When a user receives this error message “Not secure https://” what could be the cause and what can they do to resolve it?
Have you ever visited a website and been greeted by a warning that says “Not Secure” right next to the website’s address? It’s a common experience that can leave many of us feeling a bit uneasy.
After all, the internet is a vast space where we share personal and sensitive information, from shopping online to logging into our favorite social media platforms.
So, when we see this warning, it’s natural to wonder: What’s going wrong? And more importantly, is it safe to proceed?
So, when a user receives this error message “Not secure https://” what does it mean and what can the user do? In this article, we’re going to dive into the heart of this issue.
We’ll explore the main reason behind the “Not Secure” warning and break down some technical jargon into easy-to-understand language. Just keep reading!
A User Receives This Error Message “Not Secure https://”. What is the cause?
- SSL certificate is invalid or self-signed
- User needs to change the URL to http://from https://
- Web servers doesn’t support HTTPS sites
- Domain is improperly configured at the registrar
- User’s browser doesn’t support secure websites
The correct answer is A. SSL certificate is invalid or self-signed. Wondering why that is the correct answer? We will explain things better in the section below to help you understand why that is so.
Explanation
When a user receives this error message “Not Secure https://” it typically indicates an issue with the site’s SSL (Secure Sockets Layer) or TLS (Transport Layer Security) certificate.
SSL/TLS certificates are used to secure the communication between the user’s browser and the web server, ensuring that any data transmitted (such as passwords or personal information) is encrypted and thus protected from interception.
In the latter section of this post, we will explain this better to help you see the role SSL plays when browsing the internet and why the error message, ‘Not secure’ could come up. But first, let’s see why the other options on the question aren’t correct.
Why the Other Options Aren’t Correct
Now that we know that the SSL is the factor to point accusing fingers to when a user receives this error message “Not Secure https://” let’s consider the other options to see why they are not correct.
-
B. User needs to change the URL to http://from https://
This would actually make the connection less secure by switching from a secure (HTTPS) to an insecure (HTTP) protocol, which is not a solution to security warnings.
-
C. Web server doesn’t support HTTPS sites
If a web server didn’t support HTTPS, the site wouldn’t be accessible via an “https://” URL at all, rather than showing a “Not Secure” warning. So that is not the reason the user is seeing the error message.
-
D. Domain is improperly configured at the registrar
Again, this is not the correct answer because while domain configuration issues can cause problems, they typically don’t result in SSL/TLS-related “Not Secure” warnings.
-
E. User’s browser doesn’t support secure websites
Modern browsers all support HTTPS. A lack of support for secure websites would be an extremely rare situation. When it happens, it’s likely happening in very old software, and would not specifically trigger a “Not Secure” warning but rather prevent access to HTTPS sites altogether.
Therefore, the issue with the SSL certificate being invalid or self-signed (Option A) is the most direct and common cause for a “Not Secure” warning alongside an “https://” URL. Now, let’s take a deeper plunge into this.
What is the Cause of “Not Secure” Error Message?
When you see a “Not Secure” warning on a website, it’s like a little alert from your browser saying, “Hey, something’s not quite right here.” This warning is all about the website’s SSL certificate.
SSL certificates are like digital passports for websites, proving they are who they say they are and ensuring any information you send to them is encrypted. Let’s look at four common reasons why your browser might give you this heads-up:
#1: The SSL Certificate is Expired
SSL certificates come with an expiry date, just like milk! When a certificate’s time is up, it’s no longer considered valid. Website owners need to renew their certificates regularly to avoid this.
If they forget or overlook it, you’ll see the “Not Secure” warning when you visit their site. Think of it as your browser’s way of saying, “This website’s security check is out of date.”
#2: The SSL Certificate is Self-Signed
Sometimes, website owners issue their own SSL certificates instead of getting them from an external authority. While these self-signed certificates can still encrypt data, they’re not verified by a trusted third party.
Your browser prefers certificates that have a stamp of approval from known Certificate Authorities because it’s like verifying an ID card. When it sees a self-signed certificate, it gets a bit suspicious and flags the site as “Not Secure.”
#3: The SSL Certificate is Issued for a Different Domain Name
Imagine sending a letter to your friend but putting the wrong name on the envelope. It might not reach its intended destination, right?
Similarly, if a website’s SSL certificate is issued for a different domain name (the website’s address), your browser gets confused. It expects the certificate to match the website you’re visiting. If there’s a mismatch, it worries about your security and pops up the “Not Secure” warning.
#4: The SSL Certificate is Not Properly Installed or Configured
Installing an SSL certificate is a bit like setting up a complex piece of furniture. If you don’t follow the instructions carefully, something will be off.
Sometimes, website owners might not install the certificate correctly, or there might be issues in the server configuration. This can lead to incomplete security measures, and your browser will notice.
It’s looking for a smoothly running security setup, and any misstep here results in the familiar “Not Secure” message.
How Do I Make My Chrome Connection Secure?
By now, you know that when a user receives this error message “Not Secure https://” the culprit is the site’s SSL. So, let’s take a step further to show you how you can protect yourself in today’s online community.
If you’re using Google Chrome, one of the world’s most popular browsers, there’s a simple setting adjustment you can make to enhance your browsing security. Below are the steps you need to take to turn on a feature that always uses secure connections.
- Open Settings: Begin by opening your Chrome browser. Click on the three dots in the upper right corner to open the menu. From there, select “Settings” to access your browser’s settings page.
- Navigate to Privacy and Security: On the settings page, you will see a list of options on the left-hand side. Click on “Privacy and Security.” This section is dedicated to settings that control how Chrome handles your data and protects your privacy.
- Click on Security: After clicking on “Privacy and Security,” look for the “Security” option and click on it. This will take you to a page where you can manage settings related to the security of your Chrome browser.
- Turn on Always Use Secure Connections: On the Security page, you’ll find an option labeled “Always use secure connections.” Turn this feature on. When you enable this, Chrome will attempt to use HTTPS, a secure version of the web protocol, whenever possible.
HTTPS encrypts the data sent between your browser and the websites you visit, making it much harder for anyone else to see what you’re doing online.
How Do I Change My Chrome Site from Secure to Not Secure?
Sometimes, you might find yourself in a situation where you need to access content from a website that Chrome marks as “Not Secure” due to its use of non-HTTPS elements.
While it’s generally recommended to keep your browsing as secure as possible, there are instances where you might trust a specific site enough to view its insecure content. So, let’s quickly talk about how you can adjust your settings in Chrome to allow insecure content from a particular website.
- Open Chrome: Start by launching the Chrome browser on your computer. Make sure you’re using the latest version to ensure all features are up to date.
- Access Settings: Look at the top right corner of Chrome and click on the three dots (More) to open the dropdown menu. From here, select “Settings” to go to the settings page where you can modify Chrome’s configurations.
- Go to Privacy and Security: Within the Settings menu, find and click on “Privacy and security.” This section contains options related to how Chrome handles your privacy and the security of your browsing experience.
- Enter Site Settings: Scroll down to find “Site Settings” and click on it. This area allows you to adjust permissions and behaviors for individual websites.
- Adjust Insecure Content Settings: Within Site Settings, look for “Additional content settings” and click it to expand more options. Here, find and select “Insecure content.” This option controls how Chrome deals with websites that want to load non-HTTPS content.
- Allow Insecure Content on a Website: You will see a section labeled “Not allowed to show insecure content.” Click on the “Add” button next to it.
- A box will appear prompting you to enter the URL of the site where you wish to allow insecure content. Type in the full URL of the website, including “http://” or “https://”, and click “Add.”
Final Note
Remember, when a user receives this error message “Not secure https://” it is most times because of an issue with the SSL of the site the user is trying to visit. We already explained how that works in this post and what you can do to get around it in case you trust the website and need to see the content on the page.
Still got some more questions about the subject? Don’t hesitate to let us know about it. Just drop a message for us below and we will be glad to help.
Related Articles You Might Like:
