Securing Custom Domains on PWS

Google has recently released Chrome 68 and with this release HTTP sites will now show “Not Secure” in the Chrome omnibox.

SSL is critical if you are taking payments or asking for personal information from your users.  Further, Google lowers search ranking results for unsecured sites. Regardless, having a secure site is considered best practice and with Google’s nudge to towards making security more visible on the web there’s no time like the present to add SSL to your site.

If you are using a cfapps.io domain you are already secured via PWS.  If you are using a custom domain you should ensure you have SSL termination.  You can do this by adding Pivotal SSL to your PWS domain, available on the Pivotal marketplace here, or by using a proxy like CloudFlare, or Let’s Encrypt.