Chrome’s not secure warning: what IAM and security teams should do


(@nhi-mgmt-group)

TL;DR: Chrome’s “Not Secure” warning flags pages served over HTTP because the connection is unencrypted and unauthenticated, leaving content and submitted data exposed to interception or tampering, according to DigiCert. The governance lesson is simple: browser warnings are a symptom of broken transport trust, not a site malware signal.

NHIMG editorial — based on content published by DigiCert: Seeing a “Not Secure” warning in Chrome? Here’s why and what to do about it

Questions worth separating out

Q: How should organisations handle websites that still show a browser not secure warning?

A: They should move the entire site to HTTPS, not just the login page.

Q: Why do insecure web pages matter to identity and access management?

A: Identity controls depend on a trustworthy transport layer.

Q: What breaks when HTTPS is only deployed on part of a website?

A: Partial deployment creates inconsistent assurance.

Practitioner guidance

  • Force HTTPS across the full user journey: Redirect every HTTP request to HTTPS by default, including landing pages, help pages, and form flows.
  • Audit mixed-protocol paths before they reach users: Map every page, API endpoint, and embedded resource that still loads over HTTP.
  • Deploy certificates and session protections together: Pair TLS certificate rollout with HSTS, secure cookies, and consistent session handling so the browser can enforce the secure path automatically.

What's in the full article

DigiCert's full article covers the operational detail this post intentionally leaves for the source:

  • Browser-specific examples showing how Chrome, Safari, and Firefox present insecure pages.
  • Step-by-step guidance for site owners on choosing and installing the right TLS/SSL certificate.
  • Practical visitor guidance for dealing with pages that still load over HTTP.
  • Explanations of why some pages on a site may be secure while others still trigger the warning.

👉 Read DigiCert’s explanation of Chrome’s not secure warning and HTTPS fixes →

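The three practitioner checks above (HTTP-to-HTTPS redirect, HSTS plus Secure cookies, and mixed-protocol references) can be run against recorded responses. The following is an added example, not code from the post or from DigiCert; the response dict layout, the finding names and the `example.test` host are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

class InsecureRefs(HTMLParser):  # collects http:// URLs a page loads or submits to
    WATCH = {("script", "src"), ("img", "src"), ("iframe", "src"),
             ("link", "href"), ("form", "action")}
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in self.WATCH and (value or "").lower().startswith("http://"):
                self.found.append(f"mixed-content:{tag}:{value}")

def header_values(resp, name):
    return [v for k, v in resp["headers"] if k.lower() == name]

def audit(http_resp, https_resp):
    """Responses are dicts: status (int), headers (list of (name, value)), body (str)."""
    findings = []
    # 1. The plain-HTTP request must be redirected to an https:// URL.
    location = "".join(header_values(http_resp, "location")[:1])
    if http_resp["status"] not in (301, 302, 307, 308) or not location.lower().startswith("https://"):
        findings.append("http-not-redirected-to-https")
    # 2. HSTS must be present with a non-zero max-age (max-age=0 disables it).
    hsts = "".join(header_values(https_resp, "strict-transport-security")[:1])
    m = re.search(r"max-age\s*=\s*(\d+)", hsts, re.I)
    if not m or int(m.group(1)) == 0:
        findings.append("hsts-missing-or-disabled")
    # 3. Every cookie needs the Secure attribute so it is never sent over HTTP.
    for cookie in header_values(https_resp, "set-cookie"):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append("cookie-not-secure:" + cookie.split("=", 1)[0].strip())
    # 4. Anything the HTTPS page still loads or posts over http://.
    parser = InsecureRefs()
    parser.feed(https_resp["body"])
    return findings + parser.found

# Constructed sample responses (not captured traffic); example.test is a placeholder host.
BROKEN_HTTP = {"status": 200, "headers": [], "body": "<h1>Help</h1>"}
BROKEN_HTTPS = {"status": 200, "headers": [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Secure; Path=/")],
    "body": '<form action="http://example.test/login"><img src="https://example.test/a.png"></form>'}
FIXED_HTTP = {"status": 301, "headers": [("Location", "https://example.test/")], "body": ""}
FIXED_HTTPS = {"status": 200, "headers": [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Secure; HttpOnly; Path=/")],
    "body": '<form action="https://example.test/login"></form>'}
```

Calling `audit(BROKEN_HTTP, BROKEN_HTTPS)` returns one finding per gap, while the `FIXED_*` pair returns an empty list.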