The initials "SSL" come from Secure Sockets Layer, a cryptographic protocol. Though newer certificates use Transport Layer Security (TLS) protocol, instead of SSL; both kinds of certificates can be referred to as an “SSL” or an “SSL certificate”. SSL Certificates are small data files that digitally bind an access key to a website to encrypt traffic. When an SSL installs on a CivicPlus website, it activates the “padlock" icon and the HTTPS protocol which allows secure connections from a web server to a browser.
HTTPS Overview
HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by an SSL. The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data. HTTPS verifies the identity of a website or web service for a connecting device and encrypts nearly all information sent between the website or service and the user. Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters. HTTPS prevents this information from being read or changed while in transit. HTTPS also communicates to the device that the web service host demonstrated ownership of the domain to the certificate authority at the time of certificate issuance. This improves Search Engine Optimization (SEO) and communicates to end-users that the site is trusted and not just masquerading as a legitimate website.
Custom SSL
With a custom SSL certificate, sites do not reroute to a CivicPlus domain when users authenticate, but more importantly, a custom SSL certificate enables the use of HTTPS-Only (no more HTTP). You can then enforce HTTPS so that all browsing redirects to the secure HTTPS domain, which meets the HTTPS-Only Standard. To learn more, read The HTTPS-Only Standard site.
Benefits of HTTPS Only
- Secure Encryption: Encryption of secure data keeps it secure from eavesdroppers; while users browse a site, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information
- Data Integrity: Nobody can modify or corrupt data during transfer, intentionally or otherwise, without detection
- Authentication: Authentication proves that your users communicate with the intended website and all information that the site receives is from intended users; it protects against man-in-the-middle attacks, in which hackers can intercept and alter data before it reaches the intended recipient
- Improved SEO
- Trusted site lock icon on all browsing
- Meets the HTTPS-Only Standard
Disadvantages to HTTPS Only
- Performance: Encrypted browsing traffic consumes more resources. This could result in a slight increase in load time.
- Third-Party Content iFrames: This may not display for end-users unless those iFrames also utilize HTTPS.
CivicPlus on HTTPS
All CivicPlus sites use an SSL certificate to encrypt authentication information over an https:// connection. If a site does not have a custom SSL certificate, users will reroute to the .civicplus.com domain, which uses one of CivicPlus’s wildcard certificates (*.civicplus.com) during login.
Pricing
For more information about pricing, please contact your Customer Success Manager. If you are not sure who your Customer Success Manager is, you can contact our Support team.
Feedback About the Article
Let us know what was helpful or not helpful about the article below.0 comments
Please sign in to leave a comment.