I'll chime in and completely agree that the teams on the front line of our communities, customer facing and internal alike, are a breed unto their own. It is amazing to see the work that you put in to bring to life your brand for your customers!
... View more
@lilim, it was related to the 18.7 platform upgrade (one of the reasons we push Lithosphere earlier in the cycle typically). We identified the bug and have also identified communities that would be impacted by it. For those that would be impacted, we'll be reviewing whether the issue is resolved before it rolls out to the communities in question or delaying/rescheduling the current upgrade date.
Our goal is to prevent this from impacting our customers as best as possible!
... View more
In 2018 Lithium is moving all customer sites to SSL encryption (HTTPS) to safeguard customer data. HTTPS encrypts all data passed between the end user and your community. Lithium is ready to work with you to enable, test, and deploy a SSL certificate, to bring your community to full HTTPS delivery. We will also be sending out email notifications to our customers over the next month and a half as a reminder on this.
These changes will result in:
all pages/resources will be served over HTTPS in production
all pages/resources will be served over HTTPS in stage
requests for pages/resources/apis over HTTP will be redirected to their HTTPS equivalents
Note that the steps below follow Lithium Standard SSL deployment. Access to Standard SSL deployment is included with existing customer licenses (is free).
To get started, we ask that you follow the following steps.
Open a support ticket: Please open a support ticket via the case portal so that the support team can begin the process. If you have a technical resource on your side who can assist, please be sure to include them on the CC list when creating the case.
Certificate Procurement or Updates: If your community is not utilizing any form of SSL, Lithium Support will add your domain to the Lithium SAN SSL Certificate and prepare your community for HTTPS migration. If you already have SSL enabled but in partial mode, you’ll be transitioned over to full-site SSL.
Studio Review (Plugin Layer): Lithium Support will review your plugin and attempt to convert any hard-coded community HTTP paths to either use a relative path or HTTPS. More complicated asset updates will be flagged and communicated to your technical contact or may need a services engagement..
Community Admin Updates: While Support will handle the plugin transition, you will need to handle any hard-coded paths contained within the Community admin panel. This includes the announcement sections and custom content modules. If you had a customization work done through Professional Services, you may have a Settings List Editor section in your admin that will also need to be updated if it contains any fields created for URL’s.
Review on Staging: Once the plugin updates are completed and the certificate procured/updated, you will need to test and review your staging instance. If there’s any problems, please inform support. If there’s no problems, we’ll then move on to scheduling the changes for production:
Schedule your Production Deployment: Support will coordinate with you a production HTTPS deployment during a normal maintenance period.
FAQ - Frequently Asked Questions
Why is Lithium switching to HTTPS now?
Major browser and search vendors are making changes to flag pages that are delivered over HTTP as 'not secure' after July 2018. Obviously, this kind of message is not one you want associated with your brand. HTTPS is also a factor in search engine ranking. It's presumed that search vendors will add additional weight to HTTPS in their ranking formula this year.
What if part of my community is delivered over HTTPS already?
For customers using "mixed mode", Lithium will work with you to enable full site HTTPS using the existing SSL certificate. The steps required on your part are identical for customers using mixed mode.
Can I wait?
Not for much longer. Lithium is phasing out support for HTTP communities after 18.7, following best practices and maintaining our commitment to securing customer data.
Can I generate my own certificate?
Contact support or your account team for alternative SSL certificate scenarios. Note that alternative scenarios generally carry a charge and require an engagement (SOW). We typically advise against this direction.
What about external domains?
Anything hosted on the community will support HTTPS. However, any references to external domains will require that those domains be under SSL. If you’re using an external asset and the domain does not support HTTPS, we recommend that you upload the asset to your community via studio then update the reference code/URL.
What is a SAN SSL certificate?
See the What is the SAN SSL certificate? Article.
What are the benefits of using SSL (HTTPS encryption)?
See the Full HTTPS Encryption for all Communities article. Thank you for your time and we look forward to working with you to migrate you to HTTPS!
... View more