Couple of days ago, while deploying the corporate website, I’ve encountered the issue with HTTPS – the self-signed certificate was appearing as invalid in Chrome and it certainly did not work well for the user experience. So I had to dig deeper in this topic, keeping in mind that the HTTPS is the essential thing for the compliance with Russian federal laws that regulate the processing of personal data. The problem is that, for example, half of first googled web-sites of various web-development companies, at least in the city of Irkutsk, Russia, do not have the HTTPS, so this is potential risk for the management of these companies – any time the company can receive the paper from the prosecutor and get pretty big fines and blocking of the web-site by Roskomnadzor. Imagine what it will be for company that gets clients relying on contextual ads and organic search.
So, what do we got? We need to run the HTTPS for a corporate website of the small company with lowest possible cost that will be compliant with the law and web-browsers.