SSL Implementation

Overview

We have implemented TLS encryption on Aurora to serve all pages over HTTPS. This will ensure data is transmitted more securely. It will also help maintain search engine ranking and prevent users from seeing security warnings as search engines and browsers become more focused on prioritizing security.

Soon Google Chrome will start displaying a “Not Secure” message to users when entering data in forms served over the HTTP:// protocol. This is part of a broader goal of pushing all sites to serve all content over HTTPS://.

Impact

Users visiting sites on Aurora will be automatically redirected to https:// even if they don’t specifically enter that into the address bar. For most users there won’t be any difference, all of our core functionality should continue working just fine. Users may run into issues or see mixed content warnings if their page contains iframes or custom themes or plugins.

Testing

To test your site open it in your browser. If you are using a PC press F12 to open your browser’s inspector and go to the console tab. On Mac (Firefox/Chrome) you can open the inspector by pressing Cmd + Option + I. At this point you may need to enable the console, and/or refresh the page. Once you’ve done that if your site contains any unsecured content that needs to be updated related to this change you will see an error message similar to “HTTPS security is compromised”, “Blocked loading mixed active content”, or “Mixed Content”. If you see any of these messages they should also be accompanied by the URL of the content that needs to be updated, it may be an image, an iframe, a form, etc. If you recognize the content please try to resolve it by editing the page and changing it to https://. If you need assistance please contact the UITS Web Development at webdev@uconn.edu.