What is this new Google “not secured” warning?
You may have received a notification email from Google informing you that starting in October of 2017 Google Chrome browser will begin displaying a “Not Secured” warning on all webpages served via HTTP (as opposed to HTTPS) that contain any form fields. This is an evolution of the change that was made earlier this year to include this warning on any page that had specifically credit card or password fields.
More can be read about it here at Google’s security blog https://security.googleblog.com/2017/04/next-steps-toward-more-connection.html
What pages in Luminate Online can be served via HTTPS?
All pages that have credit card fields are already required to be HTTPS, and any built in pages that accept constituent information can be served via HTTPS.
Why would this impact my site then?
If your site has any pages that have forms that are added into non-product built pages, including page wrappers (login or search for example), those pages will show the “not secured” until all pages are served via HTTPS.
What is Blackbaud doing to address this in Luminate Online?
We have already investigated existing product functionality and configuration changes within the product to move all pages to be served securely (via HTTPS), and functionally, Luminate Online can be changed to be served completely via HTTPS. But! We are in the process of testing the Luminate Online server infrastructure and configuration to be sure that there are no hardware or software changes necessary to serve all pages securely on Luminate Online.
Ok so when can we serve our entire Luminate Online site via HTTPS?
The timeline to get this functionality to our clients is:
September 2017: Internal infrastructure testing
Late 2017: Early adopter program (if you would like to take part, contact your Client Success Manager)
Early 2018 - Mid 2018: Available by request for any client.
What else do I need to know about the change to HTTPS?
Since every page will be served via HTTPS, you most likely will want to have a custom secure domain to maintain branding on your Luminate Online site (the default you see is “secureX.convio.net”. This is something that you’ll need to speak with your Client Success Manager about to get started with a custom secure domain.
This article will be updated if timelines change or there is any update to the process or plan.