SSL Upgrades

Published on 8 Oct 2015


With the imminent go-live of another SchemesWriter 3 system, we have recently implemented a new style of SSL certificate to secure our web traffic.

Our live sites have always used SSL (Secure Sockets Layer) certificates to secure the HTTP traffic between client browsers and our servers, ensuring secure and reliable communication of sensitive data.

In recent years there has been a push from many of the big players on the Internet towards fully encrypted traffic for all sites using SSL & HTTPS. Google have been talking about securing all of their traffic via HTTPS for years, and their security bulletins give some good background information on why this is shaping up to be a good idea in the long run.

Recently, with the burgeoning number of sites and domains we now use in a modern SchemesWriter system, we have decided to upgrade our old certificate purchasing scheme to one in which we use what is called a wildcard certificate.

Where previously we purchased a single certificate to secure a single domain, we now have the power to use a wildcard certificate. This more powerful and flexible certificate is able to sign traffic on not only the root domain of one of our sites, but all of the sub-domains. This means that a root domain and any number of sub-domains can also be secured in the same way with a single certificate.

Previous versions of the SchemesWriter system did not use many distinct domains to run the application, and so using a wildcard certificate was not economically sensible. The security benefits of SSL could be realised with a single certificate for the live domain.

Once we started securing more than four live sub-domains, as we do now, a wildcard certificate became more economically viable. As such, we gained the benefit of securing all staging environments; as these ordinarily share a root domain with the live sites; as well as many of the UAT testing environments and supporting domains that are all involved in running a modern SchemesWriter system.

We are in the process of rolling this new methodology to our client sites and hope to enable the new certificates as each existing SSL certificate comes up for renewal. It will be a seamless transition that we will handle for all of our customer sites. Hopefully all you will notice is that the little green padlock starts appearing for all of your staging and testing environments.

If you have any questions regarding this process then please feel free to get in touch with us at support@brokertech.co.uk.