In this Issue:
It's Not Scary, Nor Is It A Fright
We've Made HTTPS Easy, So You'll Be Alright!
It's never been more important to protect the security and privacy of your users' data. With that in mind, Springshare has rolled out several major updates to LibGuides, LibAnswers, and LibCal that will enable you to give your users peace of mind.
Why Are We Doing This...And Why Now?
It all started when we found out that the Chrome 62 Update marks any http webpage that contains form content as insecure.
This means, that any public webpage containing a search box, LibCal booking form, or LibAnswers Question Submission form will automatically display a 'NOT SECURE' warning.
Bottom-line, this is not good PR for you! You don't want your patrons to think your LibGuides, LibAnswers, and LibCal websites aren't secure.
Chrome 'NOT SECURE' Warning Message
What's the Difference Between HTTP and HTTPS Webpages?
HTTP stands for Hyper Text Transfer Protocol, and its what allows users to access webpages. When you enter in http:// in front of your web address, it tells the browser to connect, fetch, and transfer the requested webpage.
HTTPS stands for Hyper Text Transfer Protocol Secure, which uses an encrypted connection when transporting webpage data.
Bottom-Line:
HTTP provides no security guarantees, and applications that use it cannot provide users any security.
What's a Security Certificate and Why Do I Need One?
Security Certificates are provided by third-party companies that verify your organization and your website transactions.
These Certificate Authorities provide a security certificate that enables you to authorize your website from http to https.
Essentially, the security certificate is what allows you to put the S in HTTPS.
I Have a Custom Domain (ends in .edu, .org, .co.nz, etc.)
If your v2 systems have custom domains (e.g., ask.mylibrary.org, calendar.university.edu), then you must obtain and install an SSL certificate in order to avoid warnings.
You’ll need to work with your IT colleagues to obtain an HTTPS certificate for each custom domain.
You own your domain and thereby you own the certificate, too…we just install it on our servers when it’s ready.
If – gasp – you ever decide to cancel any of your Springshare tools where you have an HTTPS certificate, you still own your certificate(s) and can move it/them to any other server.
Overview of Process:
Read Help Guide Modify CNAME Record Obtain Security Certificate Upload to LibApps
My Domain Ends in .libguides.com, .libcal.com, .libanswers.com, etc.
If your v2 system is on a Springshare-owned domain, you're all taken care of! These domains already have SSL/HTTPS support built-in. So you can update all links to / within your system to HTTPS links now.
|
Supported Springshare-Owned Domains |
Unsupported Springshare-Owned Domains |
|---|---|
|
If you're using one of these domains, you need to |
I'm Still On Version 1 of LibGuides / LibAnswers / LibCal
My V1 domain ends .libguides.com, libanswers.com, libanalytics.com
You're covered by the Springshare-owned domains. Just link to / within your sites using HTTPS instead of HTTP.
But we strongly encourage you to move to v2. It's a free update and the v2 platform is better, more secure, faster, and feature-rich.
My V1 domain ends in .edu, .org, .gov, .co.uk, etc.
For v1 systems that have custom domains, you must migrate to v2 as soon as possible to avoid HTTPS issues.
We are unable to support SSL certificates for v1 custom domains.