After receiving Brad Switzer's message today, I took the plunge and bought one for our site. I'll be interested to see what his "several explanatory emails over the coming days" say, but for now, I'm happy to have purchased the certificate.

Well, I'm always cautious before taking a "deal". So I googled the pros & cons of this. Here's the link I found most helpful:

Pros & cons...

At this point, I think the cons outweigh the pros, but I will take this to my co-administrators and some selected classmates to see what they think.

Later

Jake

I definitely want to put an SSL Cert on our domain, but I was expecting them to provide a solution with a free SSL Cert. Free certs are common on regular hosting providers and the work perfectly. Instead there's an annual charge...

They've come down, that's for sure. A dozen years ago we paid over $800 a year for SSL Certs and you could only get them at one or two places.

$5 max price. That's the going rate. Our class has never mentioned the secure stuff. There really is no benefit, that's why it was such a low priority for CC for so long. All the sensitive areas are pretty secure, although in theory it could be bypassed.

What I really want is an option that after we log in, it reverts to the FREE long name CC site. I know that can be done because I actually did that already for my http://www.JVscripts.com site. Click to see what happens .

http://www.jvscripts.com

Jake,

Thanks for the link showing the pros and cons!

Jack, good job. How did you accomplish it, with your domain name registrar or what?

I was extremely disappointed to see Class Creator apparently using this as a (large) profit center, particularly when so many sites have adopted "Let's Encrypt" (Discussed here) for FREE!

I don't fault CC for wanting to add a profit center, but for those of us who already pay for a subscription, perhaps this is far too steep a price to pay.

This is a built-in feature of domain records. I used the 301 redirect meant for doing exactly that. Not the best for search engine stuff, but we are way past that issue

https://moz.com/learn/seo/redirection

So that's why I know CC can also do that for our domains. Those with other registrars might need some help, but it's pretty easy.

Cost me $8/yr for the domain to check it out. Amazingly I did that a few days ago just before this announcement since I was curious. Been on my mind for a few months.

I've read some of the concerns above. We've also taken a couple phone calls today with similar questions. Class Creator is a hosted solution. That means things simply work for everyone. Generally, our customers using this system don't know code, scrips, c-panels, or much else that is technical.

The system was never build to accommodate individual secure certificates. Making changes to allow for this required significant modification of the system structure, and even then every secure certificate that sells requires a manual effort here. For everything there is a cost. I can assure you the price offered for secure certificates is not Class Creator overcharging or running large profit centers. It's simply Class Creator charging a fee that allows us to make this feature available at all.

Bottom line, there is much more going on under the hood than may meet the eye. I hope that sheds some light on this service, what it took to make it available, and why it's priced accordingly.

www.eastlongmeadowhighschool1970.com is still not secure. Is that the one you bought it for?

Scott Moore wrote:

I clicked on the link in Brad's email. Didn't lead me to anywhere particular

Found it

I have been aware of the secure certificate problem for some time and am glad to see that a solution is forthcoming. I do have a couple of questions tho.

I see the cost of a secure certificate is priced for an annual period. That means, if I get a certificate today, say for two years, it would cost me $70 and would expire on February 19, 2023. Now, let's say I renew our site for two years. That means, my site would be live to June, 2023. That means there will be a gap of roughly four months between the end of the certificate and the end of the Website. That leads me to two questions.

1. Will there be a proration of the cost of either the Website, or the secure certificate based on the time gap between the beginning, and/or, end of the certificate and the beginning, and/or, end of the Website.

2. Do you have an opinion over waiting until the beginning of the next year of our Website and leaving the time between, say, today and the beginning of our next year.

3. Finally, I think. You have been maintaining Websites whose "life" has ended by placing advertisements. Will your practice of maintaining such Websites be affected by the secured certificate issue.

Thanks.

Jack Vermeulen,

I thought I read in a message from Class Creator that there's a couple of days lag time until the certificate is activated for my site, www.eastlongmeadowhighschool1970.com, but I can't find it right now. If it's not activated in the next 48 hours, I'll inquire. I think I was one of the first to purchase a certificate on Feb. 18.

I got the email sent "because you own a domain name". I do, but it's not attached to the ClassCreator site. We've been living with the "long" URL.

But I am pleased to see that the all the ClassCreator links now seem to start https://

So this is one more reason for us *not* to purchase a domain for our site. We have other ways of directing classmates to it and we don't really think classmates will find us through search engines (as opposed to direct communications from the College). So we'll live with the "long" link for now.

Hi Scott,

It was part of the thank you page. It will be installed Saturday evening.

Jessica
Class Creator Support

Barry,

Domains and secure certificates are annual products - unfortunately they don't offer ways to purchase them for a specific number of months or to prorate them as they renew for a year or multi-year long duration.

We will still offer free with ads for sites as a subscription option.

Jessica

Class Creator has suggested purchasing the secure certificate for the duration of our domain name which in our case expires on 7/17/2027. We plan to purchase the certificate for 7 years. Our class website subscription expires in 2030. Will we have the option of purchasing the Secure Certificate when we renew our domain name?

Thanks,
Joan

The renewal of the domain name and certificate are separate actions, independent of each other. Under Admin Functions > Manage Domain, you may add time to either your domain or certificate expiration dates as you wish, just like you add time to your site subscription (Admin Functions > Subscription).

I purchased the certificate. How do I know when it’s been installed?

Joe Prather,

Here's how you know when the certificate's been installed (mine was installed last night):

Using the Google Chrome browser, my home page URL now shows a lock symbol and "eastlongmeadowhighschool1970.com/class_index.cfm." If I double click on the URL, it changes to "https://www.eastlongmeadowhighschool1970.com/class_index.cfm." The lock symbol and "https:" mean the site is secure.

Using the Microsoft Edge browser, my home page URL now shows a lock symbol and "https://www.eastlongmeadowhighschool1970.com/class_index.cfm."

Nice job, Class Creator, on the installation!

Thanks, Scott. I can now reassure our classmates that our site is secure.

Just so I can answer a co-admin's question: Which pages/sections are already secure & which are not?

From Fortinet:

THE “DARK SIDE” OF SSL ENCRYPTION
Despite the list of benefits associated with SSL encryption, there is a dark side. Just
as confidential communications using email, websites, SaaS applications, and custom
applications are protected with SSL encryption, cybercriminals also use it to hide malware
and ransomware embedded in applications and links that enable them to infiltrate company
networks. In doing so, these bad actors are able to communicate with command and
control systems.
The biggest challenge is that traditional cybersecurity solutions such as intrusion detection
systems (IDS) and intrusion prevention systems (IPS) are trained to trust encrypted traffic.
So, what is the result? Ninety percent of CIOs indicate they have experienced or experience
a network attack using SSL encryption, and 87 percent say their security defenses are less
effective today due to cybercriminals using encryption to hide their attacks.17
The following are some of the more prevalent ways that cybercriminals use SSL encryption:
1. Hiding the Initial Infection. Cybercriminals encrypt their malware and send it through
an approved port; users click on embedded links that take them to sites containing the
payload or as an attached file.
2. Hiding Command and Control. Certain malware families use encryption to hide
command and control communications.
3. Hiding Data Exfiltration. Many malware families also use encryption to hide network
information such as passwords and stolen information (e.g., bank accounts and
passwords).

As I explore this issue, I find more questions that concern this issue:

Let's Encrypt says it's free and that if the host provider chooses to do so, then it can be provided.

If, there are cheaper or free alternatives, why were they not chosen?

If one has to go thru a secure sign-in, then how does that person get to a not secure area to cause problems?

As I explore this issue, I find more questions that concern this issue:

Let's Encrypt says it's free and that if the host provider chooses to do so, then it can be provided.

If, there are cheaper or free alternatives, why were they not chosen?

If one has to go thru a secure sign-in, then how does that person get to a not secure area to cause problems?

Jake (Kelly) Tidmore wrote:

The simple way to check is to click on menu options and see if there's a padlock or a message on the Browser URL area.

Jake (Kelly) Tidmore wrote:

But if you enter in any area where money is involved, it reverts to "secure" again and the SPY gets a blank screen.

It's been this way for at least THREE (3) years since Chrome starting putting up the "not secure" stuff.