HTTPS Security
Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network. The protocol applies Transport Layer Security (TLS) cryptography to minimize the risk of unwanted or unknown third parties intercepting the transmission.
Higher Logic websites support HTTPS. Further, the technical and often onerous process of acquiring a certificate has been performed for all client domains. Higher Logic default certificates from LetsEncrypt.org can be applied to any domain through the Admin site’s Certificate Administration page. Some clients may desire to use a unique/branded certificate. Externally-purchased certificates can also be applied to domains utilized by Higher Logic websites. This can be configured by a client administrator HLAdmin with the login credentials for managing the domain.
Applying HTTPS Security with Default Certificates
Certificates supplied by Higher Logic can be applied to any domain. This is done on the Certificate Management page, found under Tools, on the Admin site. To establish HTTPS security for any domain, select “HTTPS” or “HTTP & HTTPS” from the Allowed Request Schemas column and click the corresponding “Change Schema” button.
The following are recommended actions to perform with an initial HTTPS schema update:
- Use HTTP & HTTPS initially to mitigate possible security
- Review the sites using that domain for objects and references to HTTP. These will cause “unsecured” warnings which disrupt user experiences. Embed code, image URLs and external files referenced in page content and heads commonly need to be updated prior to committing to HTTPS.
Unique Certificates: HTTPS Configuration Instructions
The process of purchasing, requesting and validating the request can happen outside the Higher Logic platform - typically through the domain registrar. This process utilizes encryption in multiple steps and is quite complex. Clients with the technical background to complete this process can use the steps below to complete installation for their Higher Logic hosted website(s). Clients unable to complete this operation are welcome to open a ticket. Assistance by Higher Logic staff will be performed as a task order. Higher Logic staff will work with a client admin to achieve the security standard or can perform the operations necessary if provided domain login credentials.
These instructions are inclusive of steps performed using externally-provided software or websites and the configuration on the Higher Logic platform.
- Confirm you have your password and domain registration login information for your domain registrar.
- Purchase a website certificate for the domain to be secured from a certificate authority. This is typically the company that hosts your domain. Certificates are generally under $300.
- Create a certificate request to submit to the certificate authority. This is typically done via Microsoft IIS (a module of Microsoft Windows) or a certificate request generation tool provided by the certificate authority. Your certificate authority will have a webpage or tool to accept the certificate request.
- Following submission of the certificate request you will receive a response from the certificate authority. This response will be of file type CRT or CER. If the certificate authority responds with text, save it as a text file with a CER extension. Include all text and headers provided by the certificate authority.
- Complete the certificate request using the file from the previous step. The completion process is generally finalized in Microsoft IIS. The completion of the certificate request will install the certificate on the user’s local machine.
- Export a PFX file – find the certificate you just installed using IIS and export it. This requires creation of a password. Save this file to your local machine and note the password.
- Save your certificate on the Higher Logic site. Navigate to the Higher Logic Admin page for Tools>Certificate Administration. Click the Add Certificate button to initiate the save process. The Add Certificate panel will include the following inputs:
a) Name: provide a friendly name of your choosing.
b) Admin E-mail: Provide an email address that will be used to receive management notifications
c) Upload PFX:
i) Choose File: Browse your local machine to find the PFX file.
ii) Password: Use the password from step 6
iii) Upload: Press the Upload button. The Private Key, Public Key, and Certificate Chain fields below will be filled at upload.
- Click the “Save and Add Certificate” button at page bottom to complete the save of the certificate.
- Enable the certificate. Completion of step 7 will return you to the CCAdmin>Tools>Certificate Administration page. Enable the certificate by clicking the “enable” button associated with your certificate.
- Associate the certificate with the domain. In the Domains panel you will see a “Manage Associated Certificates” button for each domain matching the certificate’s “Subject CN” field. Click this button to expose the Manage Certificate Associations page. There, check the box next to the friendly certificate name and click the “Save Changes” button.