Have you seen a "Not Secure" message appear on your website or seen it more frequently as you browse the web using Chrome, Firefox or Safari browsers? These sites haven't suddenly been hacked; this new security marking is part of an effort started by Google to increase website security. By gradually changing the security markings on websites, they hope to compel website owners to use HTTPS encryption to tighten up security on their sites.
Eventually, our goal is to make it so that the only markings you see in Chrome are when a site is not secure, and the default unmarked state is secure. We will roll this out over time, starting by removing the “Secure” wording in September 2018. And in October 2018, we’ll start showing a red “not secure” warning when users enter data on HTTP pages.
In October’s version of Chrome (70), you’ll see a red “not secure” notifications when you enter data on an HTTP page.
How Do I Get Rid of this "Not Secure" Message in Luminate / TeamRaiser?
Luminate Online and TeamRaiser have always used HTTPS encryption on transactional pages, so your donation and registration forms are not affected by this change. A recently released update now allows you to also secure non-form pages with HTTPS.
This update, which we call "Secure Luminate", will redirect pages from HTTP to HTTPS - and eliminate "Not Secure" messages from most of your Luminate and TeamRaiser pages. It's important to know that website content updates may be required. Any hard coded links that point to HTTP content may need to be updated and pages will need to be checked for secure/non-secure content conflicts. You can read more about that process here: Luminate Online - Secure Readiness and Information.
Do I Need a Custom Secure Certificate Now?
Yes, you most likely will want to add a custom secure certificate now. To encrypt a website with HTTPS requires a secure certificate - an "SSL certificate" - that confirms your identify as a provider of content for your URL. Most Luminate customers use a shared Blackbaud SSL certificate, which is why your payment form pages might have the URL secure2.convio.net or secure3.convio.net.
If you use the shared Blackbaud secure certificate, switching to HTTPS for most of your webpages will cause all of them to display the secureX.convio.net URL rather than your own nonprofit URL.
To maintain branding on these pages, you need to add a custom SSL certificate. This will change the URL on all HTTPS pages (including payment pages) from secureX.convio.net to something like "secure.YourNonprofitURL.org".
Leave a Comment