Forcing a system to load over HTTPS

Getting there

To manage the domain names of your LibApps sites, go to Admin > Domains and Certificates.

Navigating to the Domains and Certificates page


Forcing a site to load over HTTPS

By requiring your site to load over HTTPS, you can ensure that your users will always be viewing your site over a secure connection. When enabled, users attempting to visit your site over HTTP will be automatically redirected to HTTPS. In addition, all system-generated URLs will use HTTPS, as well.

Caution: test your site before requiring HTTPS

Before enabling the option to force HTTPS for your site, take a moment to visit it over HTTPS to ensure that none of your pages are loading external content from non-secure sources. When you visit a site via HTTPS, browsers will hide any content being loaded over HTTP to preserve the secure connection (this is known as mixed content). This can include things like:

  • Images in custom headers or footers
  • Embedded pages or widgets inside of iframes (this includes pages displayed in LibWizard tutorials)
  • Embedded widgets, such as videos or catalog search boxes
  • External stylesheets (e.g. in your site's Custom JS/CSS code)
  • External javascript files (e.g. in your site's Custom JS/CSS code)

In order for a browser to completely consider a page secure, you must ensure that it does not contain any mixed content. If any of your embedded content can support being loaded over HTTPS, then update its source URL to use https:// instead of http:// before enabling HTTPS for your site.

If a piece of embedded content does not support HTTPS at all, however, please contact the content provider or vendor to see if they can provide HTTPS-compatible code. Otherwise, you may want to consider removing the content from your guides until you can find a secure alternative.


​LibGuides, LibAnswers, & LibCal

  1. Click on the Manage HTTPS () icon in the Actions column.
  2. Click on the Force HTTPS tab.
  3. Change the HTTPS Setting option to Required.
  4. Sites that have this option enabled will display a checkmark in the Force HTTPS column on the Domains and Certificates page.
    • Supported: when this option is selected, your site will load over HTTP by default. However, you can choose to load your page over HTTPS if desired -- either by creating links to your site using HTTPS or by changing the URL in your browser from HTTP to HTTPS.
    • Required: when this option is selected, your site will always load over HTTPS. If a user attempts to visit your site over HTTP or without specifying a protocol, they will be redirected to an HTTPS connection automatically. This is recommended, as it ensures that all users will be visiting your site over a secure, encrypted connection.
Please note: in order for users to see your LibGuides blog posts, your blogs must be viewed over a secure HTTPS connection. For best results, therefore, we recommend that you set your LibGuides HTTPS Setting to Required.

Screenshot of the Manage HTTPS icon

Example of changing the HTTPS Setting to Required

Screenshot of a site with Force HTTPS checked


LibWizard

LibWizard can be configured to load over HTTPS by default in the LibWizard system settings. Just log into LibWizard and go to Admin > System Settings > Misc Settings.


LibInsight and LibStaffer

Both LibInsight and LibStaffer are designed to always load over HTTPS, so there's nothing you need to do here. :)

Related Articles