SSL Certificates are small data files that digitally bind an access key to a website to encrypt traffic. When an SSL installs on a CivicPlus website, it activates the “padlock” and the HTTPS protocol and allows secure connections from a web server to a browser. The initials "SSL" comes from Secure Sockets Layer, a cryptographic protocol. Though newer certificates use TLS (Transport Layer Security) protocol, instead of SSL, both kinds of certificates can be referred to as an “SSL” or an “SSL certificate”.
HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by an SSL. The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data. HTTPS verifies the identity of a website or web service for a connecting device and encrypts nearly all information sent between the website or service and the user. Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters. HTTPS prevents this information from being read or changed while in transit. HTTPS also communicates to the device that the web service host demonstrated ownership of the domain to the certificate authority at the time of certificate issuance. This improves SEO (Search Engine Optimization) and communicates to end-users the site is trusted, and not just masquerading as a legitimate website.
Custom SSL Overview
With a custom SSL certificate, sites do not reroute to a CivicPlus domain when users authenticate, but more importantly, a custom SSL certificate enables the use of HTTPS-Only (no more HTTP). You can then enforce HTTPS so all browsing redirects to the secure HTTPS domain, which meets the HTTPS-Only Standard (see The HTTPS-Only Standard site for more information).
Benefits of HTTPS Only
- Secure Encryption: Encryption of secure data keeps it secure from eavesdroppers; while users browse a site, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information
- Data Integrity: Nobody can modify or corrupt data during transfer, intentionally or otherwise, without detection
- Authentication: Authentication proves that your users communicate with the intended website and all information that the site receives is from intended users; it protects against man-in-the-middle attacks, in which hackers can intercept and alter data before it reaches the intended recipient
- Improved SEO (Search Engine Optimization)
- Trusted site lock icon on all browsing
- Meets the HTTPS-Only Standard
Disadvantages to HTTPS Only
- Performance: Encrypted browsing traffic consumes more resources. This could result in a slight increase in load time.
- Third-Party Content iFrames may not display for end-users unless those iFrames also utilize HTTPS.
CivicPlus on HTTPS
All CivicPlus sites use an SSL certificate to encrypt authentication information over an https:// connection. If a site does not have a custom SSL certificate, users will reroute to the .civicplus.com domain, which uses one of CivicPlus’s wildcard certificates (*.civicplus.com) during login.
For more information about pricing, please contact your Client Success Manager. If you are not sure who your Client Success Manager is, you can contact our Support team.