Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network. The protocol applies Transport Layer Security cryptography to minimize the risk of unwanted/unknown third parties intercepting the transmission.
Higher Logic websites support HTTPS. In addition, the technical and often onerous process of acquiring a certificate has already been performed for your domain(s). Higher Logic default certificates from LetsEncrypt.org can be quickly applied to any domain in the Admin interface.
To manage your domains and certificates:
- Access the Admin interface.
- Navigate to Pages > Sites > Domain Settings.
NOTE: Some customers might want to use a unique/branded certificate. Externally-purchased certificates can also be applied to domains used by Higher Logic websites. This can be configured by a Higher Logic staff admin with the login credentials for managing the domain.
Add a default certificate
You can apply certificates supplied by Higher Logic to any domain that has been validated. Validation requires a CNAME that points at TENANT.connectedcommunity.org (where TENANT is the value found on the Admin > Pages > Sites > Domain Settings page).
To learn more about CNAME and domains, see Higher Logic Community CNAME/DNS Instructions.
NOTE: Higher Logic does not provide certificates for "naked" or "root" domains. If you want to use one, you must purchase it from a Certificate Authority and add it to the Certificates page in the Admin interface.
TIP: If you need a Certificate Signing Request, visit csr.higherlogic.com and complete all fields.
Steps to generate a default certificate
- Click the dropdown to the right of the page title and select Certificates.
- Click the plus symbol (+) to the right of the page title.
- Select Generate a free certificate.
- Select one of your organization's domains from the dropdown.
- Click Add.
The system will automatically enable the default certificate. This process will take approximately 20 to 30 minutes.
NOTE: Default certificates are generated by Let's Encrypt (https://letsencrypt.org/). These certificates will display Set to Auto-Renew. If the auto-renew fails, Failed Auto-Renewal will display.
Import a certificate
The process of purchasing, requesting, and validating the request can happen outside Higher Logic (typically, through the domain registrar). This process uses encryption in multiple steps and is quite complex.
- If you have the technical knowledge to complete this process, follow the steps below.
- If you don't have the technical knowledge, or are not comfortable performing these steps, create a case. We will either work with you to achieve the security standard or perform the steps ourselves, if provided domain login credentials.
TIP: Higher Logic recommends implementing reminders for when your custom certificate(s) will expire; the best practice is to ensure a replacement certificate is ready prior to the previous one's expiration.
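One way to automate such a reminder is to read the expiration date from the certificate your domain actually serves and compare it against a lead time. The script below is an added example, not a Higher Logic tool; the 30-day window and the function names are assumptions.

```python
import socket
import ssl
import sys
import time

WARN_DAYS = 30  # assumed reminder window; pick your own lead time


def days_remaining(not_after, now=None):
    """Whole days until notAfter, e.g. 'Jan  1 00:00:00 2030 GMT'."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def renewal_status(not_after, now=None, warn_days=WARN_DAYS):
    left = days_remaining(not_after, now)
    if left < 0:
        return "EXPIRED"
    return "RENEW NOW" if left <= warn_days else "OK"


def fetch_not_after(host, port=443, timeout=10):
    """Return notAfter of the certificate the server presents for host."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_expiry.py DOMAIN")
    host = sys.argv[1]  # the domain the imported certificate is assigned to
    try:
        not_after = fetch_not_after(host)
    except ssl.SSLCertVerificationError as err:
        # An expired or mismatched certificate fails validation outright.
        sys.exit("%s: certificate rejected: %s" % (host, err.verify_message))
    print(host, not_after, renewal_status(not_after))
```

Run it on a schedule (for example, daily) and alert on any result other than OK.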
These instructions are divided into two sets:
- The external steps you have to complete in order to acquire the unique certificate.
- The steps you perform on your Higher Logic site to import the certificate.
External steps
- Confirm you have your password and domain registration log-in information for your domain registrar.
- Purchase a website certificate for the domain you want secured from a certificate authority (this is typically the company that hosts your domain). Certificates are generally less than $300.00.
- Create a certificate request to submit to the certificate authority. This is typically done via Microsoft IIS (a module of Microsoft Windows) or a certificate request generation tool provided by the certificate authority. Your certificate authority will have a web page or tool to accept the certificate request.
- Following submission of the certificate request, you should receive a CRT or CER file. If the certificate authority instead responds with text, save it as a text file with the .CER extension. Be sure to include all text and headers provided by the certificate authority in the text file.
- Complete the certificate request using the file from the previous step (this is typically finalized in Microsoft IIS). The completion of the certificate request will install the certificate on the user's local machine.
- Export a .PFX file – find the certificate you just installed using IIS and export it. This requires creation of a password. Save this file to your local machine and note the password.
Higher Logic steps
Now that you've exported the .PFX file, it's time to import it on your Higher Logic site.
- Navigate to Admin > Pages > Sites > Domain Settings.
- Click the dropdown to the right of the page title and select Certificates.
- Click the plus symbol (+) to the right of the page title.
- On the Add Certificate dialog, select Import your own certificate and complete the fields:
- Specify the Name and Certificate Password fields; this enables the "choose a file" button.
- Click the "choose a file" button to navigate to and choose a Certificate File (the .PFX file).
- When the file has uploaded, the "key" and "chain" fields in the lower section are auto-populated with the appropriate values.
- Click Add to save your certificate information; a confirmation message displays indicating that the certificate has been saved.
The system will automatically enable your uploaded certificate and assign it to the domain. This will take approximately 20 to 30 minutes.
IMPORTANT: If you have an old or expired certificate associated with this domain, delete it while the new certificate is processing. This will enable the system to automatically assign the new one after it has been processed.
Establish HTTPS security for a domain
- Click the dropdown to the right of the page title and select Certificate Assignments.
- Select a certificate in the list and click Change Schema.
- In the dialog, click the dropdown and select HTTPS.
- Click Change to apply the schema update.
The following are recommended actions to perform with an initial HTTPS schema update:
- Use the HTTP & HTTPS option initially to mitigate possible security issues.
- Review the sites that are using that domain for objects and references to HTTP. These will cause "unsecured" warnings that will disrupt user experiences. Embed code, image URLs, and external files referenced in page content and headers commonly have to be updated prior to committing to HTTPS.
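To make that review repeatable, the following added example (not part of the Higher Logic product) scans page HTML for subresources still loaded over http:// and reports where each one is. The tag list, the active/passive labels, and the sample page are assumptions chosen for illustration.

```python
from html.parser import HTMLParser

# Tag -> attributes whose URL the browser fetches as a subresource.
# <a href> is left out: following a link is navigation, not mixed content.
SUBRESOURCE_ATTRS = {
    "script": ["src"], "iframe": ["src"], "embed": ["src"], "link": ["href"],
    "object": ["data"], "audio": ["src"], "video": ["src", "poster"],
    "img": ["src", "srcset"], "source": ["src", "srcset"],
}
# On an HTTPS page, active content over HTTP is blocked; media is passive.
ACTIVE_TAGS = {"script", "iframe", "link", "embed", "object"}


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url, kind)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        if tag == "link" and "stylesheet" not in rel:
            return  # simplification: only stylesheet links are checked
        kind = "active" if tag in ACTIVE_TAGS else "passive"
        for name, value in attrs:
            if value is None or name not in SUBRESOURCE_ATTRS.get(tag, ()):
                continue
            # srcset holds comma-separated "url descriptor" candidates.
            for part in value.split(",") if name == "srcset" else [value]:
                fields = part.split()
                if fields and fields[0].lower().startswith("http://"):
                    hit = (self.getpos()[0], tag, name, fields[0], kind)
                    self.findings.append(hit)


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample page content (not taken from a real site).
SAMPLE_PAGE = """<link rel="stylesheet" href="http://cdn.example.org/theme.css">
<script src="https://cdn.example.org/app.js"></script>
<a href="http://partner.example.org/">Partner site</a>
<img src="http://images.example.org/banner.png" alt="">
<iframe src="//video.example.org/embed/1"></iframe>"""

if __name__ == "__main__":
    for finding in find_mixed_content(SAMPLE_PAGE):
        print("line %d: <%s %s=%s> (%s)" % finding)
```

Fix the "active" findings first, since blocked scripts, stylesheets, and embeds break page functionality rather than only triggering a warning.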