1. Select your secure hostname
First, identify the unique domain name that will server as the secure hostname for your organization's secure pages on the Luminate platform. Here are a few guidelines:
  • A sub-domain of your existing top-level domain name is preferable for branding purposes – e.g. secure.abc.org, where www.abc.org is the main website.
  • If you select a sub-domain, you must already own the top-level domain name.
  • The subdomain cannot be a wildcard.
  • A new secure certificate is required, even if you’ve previously had one issued for this domain. Due to both technical restrictions as well as security best practices, it is not possible to reuse an existing certificate.
  • One secure hostname will serve all of your Luminate application secure pages.
  • If you use MultiCenter, all Centers will share the same secure hostname.  We recommend, therefore, that you choose one that is generic enough like secure.abc.org, rather than one that may only make sense in certain contexts like donate.abc.org.
2. Configure your DNS entry
If you've selected a hostname that is not currently being used for another live website, create a new DNS record that points it to Luminate. Here's how:

Create a CNAME record pointing to xyz-live.convio.net, replacing "xyz" with your organization's Luminate shortname.
  • Your shortname is the code that uniquely identifies your organization's instance of Luminate
  • Find it by looking at the URL for one of your existing online donation forms. In this example, the shortname is "xyz": https://secure2.convio.net/xyz/site.
If the secure hostname is already being used and will be moved to Luminate, you must wait to coordinate the timing of the DNS change with us during Step 5.

3. Provide required certificate contact information
Please provide your Blackbaud contact with all of the following required details to facilitate purchasing the secure certificate on behalf of your organization.
 
Organizational Contact Information
WhatDescriptionExample
Domain NameThe domain name to be used as the secure hostnamesecure.abc.org
Organization NameThe official legal name of your organization (including suffix - e.g. Inc., LLC, etc.)The ABC Foundation
DepartmentParticularly for larger organizations, a way to further identify ownershipDevelopment
Street AddressStreet address for your organization's legal headquarters123 Main Street, Suite 200
CityThe name of the city where your organization is legally headquartered (fully spelled, no abbreviations)Washington
State/ProvinceThe name of the state where your organization is legally headquartered (fully spelled, no abbreviations)District of Columbia
CountryThe two-letter ISO code for the country where your organization is headquarteredUS
Phone NumberMain Corporate phone number202-555-1212
Link to WhoIs Recordhttps://www.whois.com/whois/ - confirm all the info within this record is correct and set to public.
If the information is not correct or not public, you'll need to work with your IT department or the registrar to ensure it's accurate.
https://www.whois.com/whois/abc.org
 
Site Administrator Contact Information
WhatDescriptionExample
First NameFirst name of the site administratorJonathan
Last NameLast name of the site administratorSmith
Domain Admin EmailEmail for person who will receive certificate notifications. Must be an organizational email; no free accountsjon.smith@abc.org
Domain Admin Phone NumberOrganization phone number for person who will approve SSL certificate purchase202-555-1212
Site Administrator Email Addresses
You must have the following email addresses available in your domain and the mailbox associated with each account must be monitored for incoming mail:
  • admin@
  • administrator@
  • hostmaster@
  • postmaster@
  • webmaster@
4. Certificate purchase and validation
Blackbaud will purchase the certificate on your behalf. An overview of the process after I receive the info requested above:
  • Blackbaud SSL admins will place a request with the certificate authority (DigiCert or GeoTrust) for the new SSL certificate.
  • The certificate authority will reach out to the designated contact at your organization to authorize the certificate. This contact must respond to the certificate authority (DigiCert or GeoTrust) or they will not provide the certificate to Blackbaud. 
  • After the certificate is authorized, the certificate authority will provide Blackbaud with the SSL certificate.
  • Blackbaud SSL admins will configure and install the SSL certificate on the Luminate servers.
5. Going live
If you updated your DNS to point your secure hostname to Blackbaud in step 2, we will now configure our application so that your secure pages can be accessed via this domain.
  • For new Luminate customers: If you have not yet updated your DNS because your secure hostname is being moved from another website to Blackbaud, your Blackbaud implementation consultant will help to coordinate the update at this time.  We will time your changes with ours to minimize any disruption caused by re-pointing the domain name.  Due to the architecture of the Internet itself, any DNS change may take up to 24 hours to “propagate” and so it takes a while for visitors to find out that a website has changed locations.  During this time, some might see the old site, some might see the new site, and some might see no site at all.
  • For current Luminate customers: When we “switch on” your new secure domain, we’ll put a permanent redirect in place. This will direct the old secure URL (https://secureX.convio.net) to your new secure URL for secure pages. There may be very brief issues with domain redirection on your site as this redirect is set up. You don’t want to time this when you have a major marketing campaign going on or expect intense event activity.
A few specifics - you must inspect your site to verify that nothing has inadvertently broken with the redirect. A few examples:
  • Redirects – in places where you have multiple simultaneous redirects in place pointing to the same page, the addition of another could cause things like form actions to break. How many is “too many” chained redirects? Six or seven redirects may be too many. 
  • Customizations – if you have scraped any forms, you will need to verify the form actions
  • API – If you have API-based applications or integrations, you need to update the target URL from https://secure3.convio.net/xyz/site/abcAPI to https://secure.abc.org/site/abcAPI, where secure.abc.org is your new secure domain and abcAPI is the specific Luminate Online API being used. If you worked with a partner who did the API work for you, please discuss potential impacts with the partner before we make the URL change.
  • Welcome Series – check links in welcome series
  • External facing marketing assets and materials that use the old domain … check form actions, ensure you won’t have multiple redirects (it’s hard to define “too many” … as few as possible = always ideal).
Once the configuration is complete, your secure Luminate pages can be accessed via your new secure hostname.  Existing links and bookmarks using the old, generic “Convio” hostname will continue to work, but you will need to update links on your website to use the new secure hostname.

If you are using the Luminate Online APIs to submit donations, action alerts, surveys, etc. then you will need to change the target URL from https://secure3.convio.net/xyz/site/abcAPI to https://secure.abc.org/site/abcAPI, where secure.abc.org is your new secure domain and abcAPI is the specific Luminate Online API being used.

6. Ongoing maintenance
Your secure domain renewal is managed by Blackbaud. Here’s what to expect when we renew your certificate:
  • We automatically submit the renewal to the certificate authority (DigiCert or GeoTrust) 90 days in advance of expiration.
  • The certificate authority will reach out to the certificate contact at your organization to validate the renewal. You will need to authorize the renewal with the certificate authority, as you did in Step 4.
  • f you do not respond to the certificate authority, your domain will be at risk of expiring, Blackbaud will email your certificate contact three times – 14 days, 7 days, and 3 days before expiration – to remind him or her to authorize the renewal.
If your certificate contact does not respond to these notifications, your secure certificate will expire, and you will have an interruption of service.