Securing Your Majestri Site

Data security is becoming a bigger issue in today's online world. If you haven't already, you're going to get some comments from members who want to know why their interactions with your club website aren't 'secure'.

We take security very seriously indeed, as your data does not belong to us and we need to protect it. Making a site secure is an extraordinarily onerous process given how important it is, so we've decided to expand our offering a bit to make it easier for non-technical club people to have a secured site.

Update - December 14 2020

At some point in the last 24/48 hours, Google has cracked down harder on sites not secured with a certificate. Users of Google Chrome on an unsecured site are presented with the warning shown below when attempting to log in.


Resolving this issue requires the installation of an SSL certificate, so please read this article carefully and decide as a club how you'd like to proceed.

Google Security Warning

top

Background

Google has started cracking down on sites that don't currently have a security certificate in place. As suggested in this blog article, the lack of a certificate may affect rankings in their search results, and Chrome also looks a bit scarier when viewing a site without a certificate.

This is what a site looks like in Chrome when it is secured by a certificate:

https

This is what a site looks like in Chrome when no certificate is in place.

http


What is a certificate and how does it work?


A certificate (commonly referred to as an SSL certificate) is something that you purchase from a 3rd-party authority such as VeriSign or RapidSSL. It is used to encrypt communications between a site and its visitors' browser to prevent what are called 'Man-in-the-Middle' attacks. Essentially, a certificate guarantees that only the visitor and the server can read any communications between the two parties.

A certificate is used to secure a domain name, so just like your club domain and also club email accounts, it has traditionally been the responsibility of a club to acquire and have a certificate installed. In reality, the process of acquiring and installing a security certificate is overwhelmingly onerous, and requires quite a bit of technical knowledge and expertise. Additionally, certificates don't live forever. They must be renewed before they expire, and again, it's not a trivial exercise.

In an effort to encourage a more secure Internet, there are some Not-for-Profits who now issue free, albeit short-lived certificates, but it is still a process that requires experience.
top

Does this affect us?

Both the online credit card payment process and the login process are already secured by a Majestri certificate. You would notice in your browser that both of those processes run under a '.majestri.com.au' address. Our certificate already takes care of those secure processes.

If you haven't wired up a club domain name to your Majestri site (ie. your Majestri web address has 'majestri.com.au' as part of it), then you also have no problem - our certificate takes care of encrypting all communications there as well.

You really only need to keep reading if your club domain name points at your Majestri site. As mentioned earlier, a secure certificate is issued on a domain name basis, so our certificate cannot be used to secure your site. Read on for your options....
top

What do we need to do?

You have two options available to you:

  1. Sign up for Majestri's SSL Security Management service at an extra $10/month.
  2. Purchase your own certificate and bundle it into the relevant PFX format for us to install on your behalf.


The next two sections explain each option in more detail.

top

Majestri's Security Service

For clubs who would like to continue using their club domain name, we have invested heavily in some infrastructure to try and make this whole certificate problem go away for you. We have constructed a way to procure and install a certificate on your behalf, but it needs to be done on a regular basis as the certificates we acquire have a very short life-span.


Because of our investment and ongoing administration required for this service, we will need to charge a little bit extra on top of our existing subscription fee. This amount will be an extra $10/monthon top of the subscription fee. So if you're like most clubs and pay us $588/year (@ $49/month), that cost would go up to $708/year (@ $49 + $10/month). We firmly believe that there is a huge amount of value in that extra $10 a month, and we've priced it as low as we can without going backwards.

In light of the global changes around secure sites, we require all Majestri sites are secure. Please contact us at support@majestri.com.au to discuss your requirements.

top