Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network. The protocol applies Transport Layer Security cryptography to minimize the risk of unwanted/unknown third parties intercepting the transmission.
Higher Logic websites support HTTPS. In addition, the technical and often onerous process of acquiring a certificate has already been performed for your domain(s). Higher Logic default certificates from LetsEncrypt.org can be applied to any domain on the Admin > Tools > Certificate Administration page.
Some clients may desire to use a unique/branded certificate. Externally-purchased certificates can also be applied to domains used by Higher Logic websites. This can be configured by a Higher Logic staff admin with the login credentials for managing the domain.
Applying HTTPS Security with Default Certificates
You can apply certificates supplied by Higher Logic to any domain that has been validated. Validation requires a CNAME that points at TENANT.connectedcommunity.org (where TENANT is the value found on the Tools > Domain Configuration > Domain Administration page of your site).
NOTE: To learn more about CNAME and domains, see Higher Logic Community CNAME/DNS Instructions.
NOTE: Higher Logic does not provide certificates for "naked" or "root" domains. If you want to use one, you must purchase it from a Certificate Authority and add it to the Certificates section of the Tools > Certificate Management page of your site.
TIP: If you need a Certificate Signing Request, visit csr.higherlogic.com, and complete all fields.
1 - Request an SSL Certificate
After a valid domain has been added to the Higher Logic site, you can request a certificate by clicking Request Certificate. It may take up to 25 minutes for the certificate to appear in the Certificates area in the upper part of the page.
NOTE: If the certificate does not appear within two hours, create a case.
2 - Enable the Certificate
When the certificate appears, enable it in the Action column of the Certificates area.
3 - Apply the Certificate
Associate the certificate with the domain. In the Domains area, you will see a Manage Associated Certificates button for each domain matching the certificate's Subject CN field.
Click this button to display the Manage Certificate Associations page. Then, check the box next to your certificate and click Save Changes.
4 - Establish HTTPS Security
To establish HTTPS security for a domain, select HTTPS or HTTP & HTTPS from its Allowed Request Schemas menu and click Change Schema.
The following are recommended actions to perform with an initial HTTPS schema update:
- Use the HTTP & HTTPS option initially to mitigate possible security issues.
- Review the sites using that domain for objects and references to HTTP. These will cause "unsecured" warnings that will disrupt user experiences. Embed code, image URLs, and external files referenced in page content and headers commonly need to be updated prior to committing to HTTPS.
Unique Certificates: HTTPS Configuration Instructions
The process of purchasing, requesting, and validating the request can happen outside Higher Logic (typically, through the domain registrar). This process uses encryption in multiple steps and is quite complex. Clients with the technical knowledge to complete this process can follow the steps below to complete installation for their Higher Logic-hosted website(s). Clients unable to perform these steps are welcome to open a ticket requesting assistance (help by Higher Logic staff will be performed as a task order). Higher Logic staff will work with a client admin to achieve the security standard or perform the operations themselves, if provided domain login credentials.
These instructions are inclusive of steps performed using externally provided software or websites and the configuration in Higher Logic.
- Confirm you have your password and domain registration login information for your domain registrar.
- Purchase a website certificate for the domain you want secured from a certificate authority (this is typically the company that hosts your domain). Certificates are generally less than $300.00.
- Create a certificate request to submit to the certificate authority. This is typically done via Microsoft IIS (a module of Microsoft Windows) or a certificate request generation tool provided by the certificate authority. Your certificate authority will have a web page or tool to accept the certificate request.
- Following submission of the certificate request, you will generally receive a file of the type CRT or CER. If the certificate authority instead responds with text, save it as a text file with a CER extension. Be sure to include all text and headers provided by the certificate authority in the text file.
- Complete the certificate request using the file from the previous step (this is generally finalized in Microsoft IIS). The completion of the certificate request will install the certificate on the user's local machine.
- Export a PFX file – find the certificate you just installed using IIS and export it. This requires creation of a password. Save this file to your local machine and note the password.
- Save your certificate on your Higher Logic site. To do so, navigate to Admin > Tools > Certificate Administration, click Add Certificate, and then complete the following fields:
- Name - Enter a friendly name.
- Admin E-mail - Provide an email address you want to receive management notifications.
- Upload PFX - (1) Click Choose File and browse your local machine to find the PFX file. (2) Enter the password you annotated in Step 6 in the Password field. (3) Click Upload. The Private Key, Public Key, and Certificate Chain fields below will be filled in after upload.
- Click Save and Add Certificate at the bottom of the page.
- Enable the certificate. Back on the Certificate Administration page, click the Enable button associated to your certificate.
- Associate the certificate with the domain. In the Domains panel, you will see a Manage Associated Certificates button for each domain matching the certificate's Subject CN field. Click this button to display the Manage Certificate Associations page, and then check the box next to your certificate and click Save Changes.