Secure HTTPS protocol required by November 30, 2018
If one of the sites you host with us is not using the HTTPS protocol for serving its content a “bad actor” with access to the network being used to serve the content can read or modify the website before your users see it, putting your site integrity at risk. On December 1, 2018, all Remote-Learner hosted sites will be required to use the secure HTTPS protocol for secure encryption of all traffic and we want to work with you to ensure that you and your users are ready for the change. What follows is a list of questions and answers that we hope you will find useful in understanding and discussing these changes with your internal stakeholders. We recommend that you work with our support team to switch your site to using HTTPS prior to December 1st to keep your site running without issue for your users.
What is HTTPS protocol and why will it now be required?
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP) for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer (SSL).
Without HTTPS data is sent in “clear text” and which can be viewed by internet service providers, WiFi eavesdroppers, etc. HTTPS was originally intended for sensitive data transfer, like online payments and passwords, and it was costly and slower than its insecure HTTP counterpart, but things have changed and approximately 75% of all internet traffic now uses HTTPS and many browser, like Chrome and Firefox, are beginning to offer visual warnings to users if the page their loading is not secured with HTTPS.
Several years ago Remote-Learner began offering HTTPS certificates at no additional charge and secure HTTPS is as fast or faster than insecure HTTP traffic and approximately 80% of the sites we host already secure all of their traffic. By making this required we will be improving confidence that you and your users have that their usernames, passwords, assignment submissions, grades, and all other site traffic are being communicated to and from the server securely.
What will be the impact on users of my site if I do nothing to prepare for the change?
Your site will still continue to load at the same URL, but it will load with the secure HTTPS protocol, rather than the insecure HTTP protocol. When we switch your site to using HTTPS we will run a replace script which will update internal links (links within your site to other locations on the same site) to their HTTPS counterpart. We will also add redirects so requests made through the HTTP protocol are sent to a secure HTTPS counterpart.
If your site contains resources from other, insecure sites then you have what is referred to as “mixed content”. If the insecure content represents a low thread level then browser will typically inform the user that the page is not fully secure and still load the content, but if it represents a high threat level some page resources may not be loaded. More information on mixed content can be found here: https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content
What should I do to ensure user experience is not negatively impacted?
While it will still be possible to correct any mixed content issues after the site has been switched to HTTPS we recommend a proactive approach so that issues can be identified and corrected for before your site’s users are impacted.
We encourage you to enter a support ticket requesting a “sandbox” copy of your site be set up with site-wide HTTPS so you can determine if you have any mixed content to deal with prior to the change. In most cases this is as simple as modifying the URL of the external site to include “https://” and our support team can provide some basic guidance if you have questions and can assist by mass-converting URLs in many cases.
Remote-Learner US, Inc.
1550 Larimer Street, Suite 785
Denver, CO 80202 USA
Remote-Learner Canada, Inc.
180 Northfield Drive West, Suite 4
Waterloo, ON N2L 0C7