Why is HTTPS-Secure Important for Contrail?

The Whitehouse mandated HTTPS (HyperText Transfer Protocol Secure) connection for Federal publicly-accessible websites back in 2015. The directive instructs Federal agencies with publicly accessible websites to provide service only through a secure HTTPS connection that encrypts nearly all information during communication between the website and user. (See M-5-13 memorandum “Policy to Require Secure Connections across Federal Websites and Web Services“.

Starting in January of 2017, Google Chrome will begin indicating all websites that do not use encryption as “Not Secure”. Other major web browsers (Opera, Mozilla Firefox, Safari, Edge) will likely do the same.

https-secureEncryption between Browser and Contrail Server

HTTPS-secure provides an encrypted connection between the browser and the Contrail server. This ensures that the data transmitting between your browser and the Contrail server is safe by making sure that unintended users are unable to intercept the traffic. A particular instance in which this type of secure connection is highly important is during username login and password access to the application. If you do not have HTTPS certificates configured, this warning can put off public users from visiting your site, and leave you vulnerable to “Man-In-The-Middle” attacks when visiting your Contrail instance.
All OneRain-hosted Contrail editions are HTTPS secure. For locally installed Contrail Base Stations, a TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocol certificate is required to enable encryption and authentication on your site domain and use the HTTPS protocol. OneRain can work with your IT department to implement your agency’s encryption certificates within Contrail ahead of this change. If using or implementing your agency’s certificate is an issue, OneRain can purchase and manage your certificate on your agency’s behalf for a small annual fee.

Starting in January of 2017, Google Chrome will begin indicating all websites that do not use encryption as “Not Secure”. Other major web browsers (Opera, Mozilla Firefox, Safari, Edge) will likely do the same. (Learn more here)

 

Why have TLS/SSL Certificates?

A TLS/SSL* certificate is required to enable encryption and authentication on your site domain and use the HTTPS protocol. HTTPS-secure provides an encrypted connection between the browser and the Contrail server. This ensures that the data transmitting between your browser and the Contrail server is safe by making sure that unintended users are unable to intercept the traffic. A particular instance in which this type of secure connection is highly important is during username login and password access to the application. If you do not have HTTPS certificates configured, the “not secure” warning could put off public users from visiting your site, and leave you vulnerable to “Man-In-The-Middle” attacks when visiting your Contrail instance.

All OneRain-hosted editions of Contrail are HTTPS secure

For locally installed Contrail Base Stations, a TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocol certificate is required to enable encryption and authentication on your site domain and use the HTTPS protocol. If your on-premise Contrail Base Station site domain is not secure, OneRain can work with your I.T. department to implement your agency’s encryption certificates within Contrail. If using or implementing your agency’s certificate is an issue, OneRain can purchase and manage your certificate on your agency’s behalf for a small annual fee.

*TLS/SSL (Transport Layer Security/Secure Sockets Layer) is the de facto standard for encrypted and authenticated communications between clients and servers on the Internet.

 
About OneRain Incorporated
Since 1992, OneRain has been providing solutions that optimize water management, heighten regulatory compliance, achieve successful civil works, and save lives. Headquartered in Longmont, Colorado, OneRain’s software and services deliver mission critical information to serve clients responsible for flood early warning, dam safety and reservoir operations, water resources, stormwater and wastewater management. For more information, visit www.onerain.com or call 800-758-RAIN (7246).
Contact Us

Got questions? Send us an email and we'll get back to you shortly.

Start typing and press Enter to search