Provide your visitors and the UBCMS with a higher level of protections.
The UBCMS is not quite ready for systematic implementation of SSL using page Properties. If you would like to make your site secure, please run the testing procedures described on this page, then contact us for assistance in completing the process from the back end.
Last reviewed: November 6, 2020
An increasing number of websites are switching their pages over to secure (https:// vs. http://) configurations, for practical reasons, and because search engines like Google are pushing hard for this change.
On the positive side, running your website as https:// provides security for any user information received through your forms, as well making it much harder for hackers to insert malicious code into our system. Additionally, browsers may soon mark 'insecure' http:// pages with a cautionary flag, or even make it harder to view them, and Google has threatened to downgrade insecure pages in its search returns (reducing your SEO). Finally, https:// security may increasingly be required for new browser features.
All UBCMS https URLs use the same SSL certificate, which is signed by a trusted certificate authority (e.g. not self-signed) so that it is trusted by default by pretty much every browser or search engine. The same certificate is valid for all buffalo.edu sites (*.buffalo.edu), including sub-domains like mgt.buffalo.edu and a handful of other hostnames we serve from the UBCMS.
The UBCMS supports https:// through SSL (secure sockets layer) protection, and this can be turned on in Properties, after you first test that your site functions properly in secure mode.
Make these changes in your home page's Properties. They will then be applied to your entire site.
First, you would test your published site to make sure it works with https/SSL. Basically this involves just going out of your way to access your sites via https URLs instead of http URLs. They should already be working this way, just not requiring it or redirecting to it. Basic things to check and watch out for are:
Once it appears that everything will work via https, switch the 'Require SSL Site-Wide' setting on in Properties and (re)activate that page. (Every page from there down will flip to https if accessed via http.) To be safe, turn this on for one of your smaller or less critical sites first and give it a few days. Or if you really want to play it safe (or need to test out any details of how this works), switch it on for just a section of a site or even a single page.