It's never been more important to protect the security and privacy of your users' data. With that in mind, Springshare has rolled out several major updates to LibGuides, LibAnswers, and LibCal that will enable you to give your users peace of mind.
It all started when we found out that the Chrome 62 Update marks any http webpage that contains form content as insecure.
This means, that any public webpage containing a search box, LibCal booking form, or LibAnswers Question Submission form will automatically display a 'NOT SECURE' warning.
Bottom-line, this is not good PR for you! You don't want your patrons to think your LibGuides, LibAnswers, and LibCal websites aren't secure.
HTTP stands for Hyper Text Transfer Protocol, and its what allows users to access webpages. When you enter in http:// in front of your web address, it tells the browser to connect, fetch, and transfer the requested webpage.
HTTPS stands for Hyper Text Transfer Protocol Secure, which uses an encrypted connection when transporting webpage data.
HTTP provides no security guarantees, and applications that use it cannot provide users any security.
Security Certificates are provided by third-party companies that verify your organization and your website transactions.
These Certificate Authorities provide a security certificate that enables you to authorize your website from http to https.
Essentially, the security certificate is what allows you to put the S in HTTPS.
If your v2 systems have custom domains (e.g., ask.mylibrary.org, calendar.university.edu), then you must obtain and install an SSL certificate in order to avoid warnings.
You’ll need to work with your IT colleagues to obtain an HTTPS certificate for each custom domain.
You own your domain and thereby you own the certificate, too…we just install it on our servers when it’s ready.
If – gasp – you ever decide to cancel any of your Springshare tools where you have an HTTPS certificate, you still own your certificate(s) and can move it/them to any other server.
If your v2 system is on a Springshare-owned domain, you're all taken care of! These domains already have SSL/HTTPS support built-in. So you can update all links to / within your system to HTTPS links now.
Supported Springshare-Owned Domains
Unsupported Springshare-Owned Domains
If you're using one of these domains, you need to
You're covered by the Springshare-owned domains. Just link to / within your sites using HTTPS instead of HTTP.
But we strongly encourage you to move to v2. It's a free update and the v2 platform is better, more secure, faster, and feature-rich.
For v1 systems that have custom domains, you must migrate to v2 as soon as possible to avoid HTTPS issues.
We are unable to support SSL certificates for v1 custom domains.