FAQs for Enabling HTTPS on WWW Websites
Recently, browser behavior shifted, impacting user experiences on sites without HTTPS support. This notably affects all Chrome users; Chrome users are forced to use HTTPS exclusively. Consequently, users encounter an error page instead of accessing your webpage as intended when the browser enforces this change.
As a result, CUIT will be enabling https. Most sites should work ok as it Is under HTTPS, but this page is intended to help homepage owners who need to change their content to support HTTPS.
Related Information
FAQs
You need to connect to cunix.cc.columbia.edu via ssh/scp/sftp and modify your web content. For your homepage, that would be in the public_html directory in your home directory.
For other websites on cunix, generally the directory /www/data/cu/pathToYourSite would be where your website content is. For example if your site had the url www.columbia.edu/cu/department/helloWorld, then the content would be located in the directory /www/data/cu/department/helloWorld.
- Use a file client such as Filezilla or WinSCP installed on your computer.
- Verify that you know your login credentials. If you have forgotten your password or need to reset it, that can be done at https://uni.columbia.edu.
- You may also need to enable MultiFactor Authentication (MFA). That can be done at https://www.cuit.columbia.edu/mfa.
- For additional questions or assistance, please submit a ticket to the CUIT Service Desk, email [email protected], or call 212-854-1919.
After you have a client installed and have credentials available, use your client to use one of the protocols (scp/ssh/sftp or cunix.cc.columbia.edu) to make your changes.
You want to look through your HTML code for anything resulting in mixed http and https content. A technical explanation of mixed content is available here. High-level, modern browsers consider it a security violation to have part of your website in http and another part in https. The reason is that a nefarious user could use the http content to view what you and the user are doing via https - which defeats the purpose of https.
The most common coding issue you need to look for in your code is the occurrence of full URLs to static content. For example, loading an image using the below code:
<img src="http://someurl.com/myimage.jpeg"/>
The above code will give the user an image from that http URL, and if the user is navigating to your site via https (what you see in the browser URL bar), the browser will either throw an error or may silently fail to load the image.
You want to modify the above example so the file is pulled from a local resource like the example below.
<img src="../myimage.jpeg"/>
The above example will allow the browser to load the image via http or https based on whether the user is viewing your site over http or https - thereby avoiding error messages.
Connect to CUNIX as described above. You may want to download a copy of your site for archival purposes using the scp/sftp tool you used to access CUNIX.
IMPORTANT: This step cannot be undone. Once you are sure you want to remove your site, delete your website directory completely. That will take your site offline.
Columbia homepages are free of charge and allow for more technical freedom via self-service than other offerings at CUIT, but that presupposes that the person using the service has a relatively strong technical background.
Generally, CUIT recommends migrating to more user-friendly service offerings such as sites.columbia.edu, which provides a web interface to modify your content.
It would be best if you first worked with whoever helped you initially create your homepage. The steps outlined here are the same as when you did that initial creation. That said, if you have exhausted available resources, please submit a ticket to the CUIT Service Desk, email [email protected], or call 212-854-1919.