Q: What is SSL and why is it important for my Encompass website?
A: SSL (Security Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry-standard and is used by millions of websites in the protection of their online transactions with their customers.
Q: What action do I need to take to enable SSL on my site?
A: In order to have your site hosted on Full-Site SSL, you must opt-in. Encompass will procure the security certificate for you. Please refer to the email sent to our primary contacts at each of our organizations, or view more details about the implementation process on the Full-Site SSL Implementation page.
Q: How long will it take?
A: Once you submit the Opt-In form on behalf of your organization, Encompass will make the necessary changes in the next 3 business days. You will receive an email once it's complete.
Q: What if I have more than one iModules Site...or sub-communities?
A: Each site will require an SSL certificate if you want your site to be full-site SSL secure. For sub-communities, each sub-community will require its own certificate if you would like for that sub-community to have a different domain or URL than the primary domain.
Q: What if I already purchased a branded commerce URL to replace the securelb.iModules domain?
A: If you have already purchased a branded commerce URL for commerce transactions, you will receive an additional 10 SSL certificates to cover your domains. Please be sure to review the instructions on the Full-Site SSL Implementation page so that you fill out the appropriate opt-in form for a branded client.
Q: How do I know what domains my site is using?
A: Please go to the Full-Site SSL Information gold key page to review what domains or URLs are configured for your site. You must be a super admin to view the gold key page, and it can be found in the upper right hand corner of the Encompass backend.
Q: Is there a charge?
A: Encompass will provide one secure certificate at no additional charge. If you have more than one URL that requires a certificate there is a price of $200 per certificate, per year. If you have already purchased a branded SSL certificate for commerce transactions, you will receive an additional 10 SSL certificates to cover your domains.
Q: What if I already have purchased a secure certificate for my site?
A: To ensure timely annual maintenance of your certificates and your sites, we are requiring that Encompass be the party to provision and maintain the certificates on behalf of the client.
Q: Will my site be down when the change is made?
A: No, your Encompass site will not have to be down in order to implement the change. However, immediately after the change is made your site will be cleared from cache, causing temporary slowness for initial users.
Q: Are there any potential implications I should be aware of after SSL is implemented on my site?
A: Yes, converting your Encompass site to SSL will help secure all of the content that is hosted via your Encompass site. However, any links or content on your site that is hosted external to Encompass and on an insecure source will cause mixed content warnings. See the Mixed Content Overview page to learn more about mixed content.
Q: How do I determine what is causing a page to receive a mixed content indicator?
A: For Safari, go to Safari on the menu bar > Preference > Advanced > Select "Show Develop menu in menu bar". Once the developer tools have been turned on, right click on any area of the page and select Inspect Element. Navigate to the console tab and review the highlighted items that the browser is saying are the cause of the mixed content indicator.
For Internet Explorer, Chrome, and Firefox, with the browser open and on the page causing the warning right click on the page and select Inspect Element. Navigate to the console tab and review the highlighted items that the browser is saying are the cause of the mixed content indicator.
Q: How do I resolve mixed content notifications?
A: Mixed content warnings are caused by assets such as images or JavaScript being provided via the http rather than HTTPS protocol. Once the cause of a mixed content notification has been identified, determine if an HTTPS alternative is available for the asset, for example, moving an image to a secure server and then updating the Encompass content to reflect the change in location.