Benefits of HTTPS

It used to be the case that HTTPS was typically only used by banking sites and shopping sites.
However, it is becoming more and more common these days for sites that really have no technical
reason to use HTTPS to choose it over HTTP. Why is that? Well, one reason is that many
webmasters have become more conscious of security and protecting the privacy of their visitors.
The more common reason, however, is that Google started giving a slight ranking boost to sites that use
HTTPS a little over 2 years ago.

Here Be Dragons

Perhaps you are thinking about switching your site over to HTTPS? That’s great, but you must
develop your migration plan carefully. Making the switch to HTTPS is an all or nothing endeavor.
Every page, image, movie, script, stylesheet or any other type of resource loaded into your site
must also use HTTPS. Failing to convert just one of them to HTTPS will result in your site
throwing up security warnings and driving visitors away. Not what you want, right?

Careful Planning

As you might imagine, the key to successfully switching to HTTPS is careful planning. This is
where things seem to go wrong quite often. We have had quite a few customers switch their
sites to HTTPS recently only to find that their ads stopped working afterwards. What gives?
The reason is that while AdvertServe does support HTTPS, it is an add-on feature, but more on
that later.

Develop a Checklist

  1. Identify all of the domain names and subdomains that your web site uses, which for many
    sites will only be one domain name but some sites may have more.
  2. Purchase an SSL certificate for those domains.
  3. Identify all of the third-party domain names that are used to load resources on your site.
  4. Verify that all of those third-party domains have HTTPS support enabled.
  5. Contact the operators of any third-party domains that do not appear to support HTTPS and ask them to support it.
  6. If the third party is unable or unwilling to support HTTPS you will need to find a suitable replacement for them.
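
Steps 3 and 4 of this checklist can be partly automated. The script below is an added example, not AdvertServe code: it parses a page's HTML, lists the external hosts that resources are loaded from, and flags every resource that is still referenced with an explicit http:// URL. The sample page and all host names in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that makes the browser fetch a resource into the page.
# <a href> is navigation, not a resource load, so it is deliberately absent.
RESOURCE_ATTRS = {
    "script": "src", "img": "src", "iframe": "src", "video": "src",
    "audio": "src", "source": "src", "embed": "src", "link": "href",
    "object": "data",
}

class ResourceAudit(HTMLParser):
    """Collect resource URLs and note which ones will break an HTTPS page."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.insecure = []        # explicit http:// references
        self.third_party = set()  # external hosts that must support HTTPS

    def handle_starttag(self, tag, attrs):
        wanted = RESOURCE_ATTRS.get(tag)
        url = dict(attrs).get(wanted) if wanted else None
        if not url:
            return
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower()  # empty for relative URLs
        if host and host != self.site_host:
            self.third_party.add(host)
        if parts.scheme == "http":
            self.insecure.append((tag, url))

def audit(html, site_host):
    """Return (sorted third-party hosts, list of insecure (tag, url) pairs)."""
    parser = ResourceAudit(site_host)
    parser.feed(html)
    return sorted(parser.third_party), parser.insecure

# Constructed sample page; every host here is a placeholder.
SAMPLE = """
<link rel="stylesheet" href="/css/site.css">
<script src="//cdn.example.net/lib.js"></script>
<script src="http://ads.example.com/tag.js"></script>
<img src="https://img.example.org/logo.png">
<img src="http://www.example.com/banner.gif">
<a href="http://other.example/">an ordinary link</a>
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "www.example.com"))
```

A static scan like this only sees what is in the HTML source. Ad tags and other scripts often load further resources at run time, so also check the browser console on the HTTPS version of each page.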

AdvertServe Checklist

AdvertServe uses a domain name such as yourcompany.advertserve.com or ads.yourcompany.com to load
your ads. You must contact us to enable HTTPS support for your actual ad serving domain(s). How much does it cost?
I thought you might ask that, and you can relax, because it is only $10 extra per month.

  1. Contact support to enable HTTPS for your AdvertServe domain.
  2. Do you serve third-party ads? Perhaps your advertisers send you DoubleClick tags? You must change
    all of these tags to use HTTPS! Again, all third-party domains referenced by your site must use HTTPS
    or they will cause a break in security.
  3. Creative assets hosted outside of the ad server must also be updated to use HTTPS.
    I really have no idea why some customers do this. Our CDN is free and when you upload
    files to the ad server it will rewrite their URLs to use HTTPS automatically.
  4. Once you have verified all third-party domains referenced by your ads are using HTTPS it is safe to proceed.

Execution

  1. Install the HTTPS certificate for your web site on your web server and verify it is working manually, but do not
    set up a URL rewrite to force HTTPS just yet!
  2. At this point it is also a good idea to test your SSL configuration: SSL Labs
    has an excellent and free test.
  3. If you find any problems with your SSL configuration they should be fixed before proceeding. The most common problem is making your site
    too secure by requiring higher grade encryption that older browsers don’t support. If your site isn’t processing financial transactions or
    requesting sensitive data from users you might want to support older encryption standards to avoid blocking out users with older browsers.
  4. Change all of the third-party domains to be loaded over HTTPS, which includes all of the AdvertServe tags on your site.
  5. Verify everything is working properly.
  6. Change any references your domain makes to itself to use protocol-relative URLs. Better yet, don’t even include your domain in
    any internal links. Using relative URIs is a much better practice and will make rolling back to HTTP easy if you encounter any
    problems.
  7. Verify everything is working properly.
  8. Finally you can put a URL rewrite in place to redirect from HTTP to HTTPS to complete the switch and force HTTPS usage.
  9. Verify everything is working properly.
  10. Set yourself some kind of reminder about when your SSL certificate expires. You never want to let that happen.
    Most SSL providers will e-mail you ahead of time, but if you change e-mail address and forget to update them with
    your new one it’s good to have a secondary reminder set up elsewhere.
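
One way to build the secondary reminder from step 10 is a small script run on a schedule. This is an added example, not AdvertServe code; the 30-day threshold and the function names are assumptions made for illustration.

```python
import socket
import ssl
import time

WARN_DAYS = 30  # assumed threshold; choose one that fits your renewal process

def days_left(not_after, now=None):
    """Days until a certificate's notAfter time (format used by getpeercert())."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400

def status(not_after, now=None, warn_days=WARN_DAYS):
    """Classify a notAfter value as OK, RENEW (inside the window) or EXPIRED."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "EXPIRED"
    return "RENEW" if remaining <= warn_days else "OK"

def fetch_not_after(host, port=443, timeout=10):
    """Connect with normal certificate verification and return notAfter.

    An already expired or otherwise invalid certificate raises
    ssl.SSLCertVerificationError here, which is itself an alert condition.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

if __name__ == "__main__":
    import sys
    # Usage: pass your site and ad serving host names as arguments.
    for host in sys.argv[1:]:
        try:
            not_after = fetch_not_after(host)
            print(host, not_after, status(not_after))
        except (ssl.SSLError, OSError) as exc:
            print(host, "CHECK FAILED:", exc)
```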

Have Questions?

Please feel free to contact support if you have any questions. We can help you develop a plan
to ensure switching your ads over to HTTPS goes smoothly. In fact, we can also help you to identify
potential problems with third-party hosted ads and assist you in bulk updating them to use HTTPS.
Even if you have a plan already, it is a good idea to contact us and have us review your plan to make
sure you are not forgetting anything.