Three years ago we applied SSL across all our hosted onCourse sites by default. That is, encrypting not just the checkout but every page on the site. To do that we invested in new SSL offloading load balancers and automation processes to easily purchase and renew SSL certificates.

Earlier this year we disabled SSL versions below TLS 1.2, which finally and definitively drove a nail through old IE browsers and operating systems like Windows XP.

Now our latest step forward is to introduce SSL certificates which expire every 90 days. We’ll be using the Let’s Encrypt service, which I believe has now been around long enough to prove that they are responsible and reliable. Our previous certificate vendor, which we used until late 2017, was Symantec; despite the size and history of that company, they were reckless and untrustworthy. In this case you certainly don’t get what you pay for. Money seems to have corrupted the certificate signing industry, with vendors cutting corners to get more business.

What do you need to do? Absolutely nothing.

You’ll not notice any change and the new certificates are trusted by just about the exact same browsers as the certificates we use now, so none of your users will notice either. Because they expire every 90 days, we are writing systems which will renew them every 60 days automatically, giving us 30 days to solve any problems. As new algorithms come along, you’ll get those upgrades much more quickly now. And any certificate signing problems will be in the wild for at most 90 days, so everyone should trust this new signing authority just that little bit more.
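
To make the 60/90-day schedule concrete, here is a small monitoring check that flags any certificate still being served after its 60-day renewal point, meaning automatic renewal has failed and the 30-day buffer is being used up. It is an added illustration, not the renewal system described in this post; the hostnames, dates and state names are constructed for the example.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

RENEW_AFTER = timedelta(days=60)  # renewal point stated in the post

def fetch_cert(host, port=443, timeout=5):
    """Fetch a live certificate as a dict, refusing anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _ts(cert_time):
    # Certificate dates look like "Jun 26 00:00:00 2019 GMT".
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def renewal_state(cert, now):
    """Return (state, whole days until expiry) for one certificate dict."""
    issued, expires = _ts(cert["notBefore"]), _ts(cert["notAfter"])
    days_left = (expires - now).days
    if now >= expires:
        return "expired", days_left
    if now - issued >= RENEW_AFTER:
        # Older than 60 days and still in service: renewal did not happen.
        return "overdue", days_left
    return "ok", days_left

def audit(fleet, now):
    """List (host, state, days_left) for every cert needing attention, worst first."""
    rows = [(host, *renewal_state(cert, now)) for host, cert in fleet.items()]
    return sorted((r for r in rows if r[1] != "ok"), key=lambda r: r[2])

# Constructed sample data: three 90-day certificates at different ages.
NOW = datetime(2019, 6, 1, tzinfo=timezone.utc)
SAMPLE_FLEET = {
    "a.example": {"notBefore": "May  2 00:00:00 2019 GMT",
                  "notAfter": "Jul 31 00:00:00 2019 GMT"},
    "b.example": {"notBefore": "Mar 28 00:00:00 2019 GMT",
                  "notAfter": "Jun 26 00:00:00 2019 GMT"},
    "c.example": {"notBefore": "Feb 19 00:00:00 2019 GMT",
                  "notAfter": "May 20 00:00:00 2019 GMT"},
}

if __name__ == "__main__":
    for host, state, days_left in audit(SAMPLE_FLEET, NOW):
        print(f"{host}: {state}, {days_left} days to expiry")
```

Against live sites, pass `fetch_cert(host)` results into `audit` instead of the sample dictionary.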