Provide your visitors and the UBCMS with a higher level of protections.
Please run the testing procedures described on this page, before you enable SSL/https for your entire site.
Last reviewed: March 4, 2022
An increasing number of websites are switching their pages over to secure (https:// vs. http://) configurations, for practical reasons, and because search engines like Google are pushing hard for this change.
On the positive side, running your website as https:// provides security for any user information received through your forms, as well making it much harder for hackers to insert malicious code into our system. Additionally, browsers may soon mark 'insecure' http:// pages with a cautionary flag, or even make it harder to view them, and Google has threatened to downgrade insecure pages in its search returns (reducing your SEO). Finally, https:// security may increasingly be required for new browser features.
All UBCMS https URLs use the same SSL certificate, which is signed by a trusted certificate authority (e.g. not self-signed) so that it is trusted by default by pretty much every browser or search engine. The same certificate is valid for all buffalo.edu sites (*.buffalo.edu), including sub-domains like mgt.buffalo.edu and a handful of other hostnames we serve from the UBCMS.
The UBCMS supports https:// through SSL (secure sockets layer) protection, and this can be turned on in Properties, after you first test that your site functions properly in secure mode.
Before you enable site-wide SSL, we strongly recommend you check for any issues that may cause conflicts.
Make this change in your home page's Properties. It will then be applied to your entire site.
Select or open your home page, then open Properties (shortcut p), then look in the Advanced tab for the Require SSL section and select the 'Require SSL Site-Wide' setting.*
Remember to republish your home page to make this live.
* There is no need to adjust 'Require SSL (HTTPS-only)' in the dropdown. This value is over-ridden when you select the Site-Wide setting.
This will require SSL on all child pages, including child pages that you may consider parts of a different site, such as academic departments or research/clinical centers. Be sure to test those sites too, or enable this feature in those areas first.