Secure websites, which encrypt all incoming and outgoing data, use a website address that always starts with https:// for example: https://example.com.
To be able to send and receive data securely from systems such as Carerix, you must therefore use https://APPLICATIONNAME.carerix.net.
Web browsers (i.e. Google Chrome, Firefox) clearly indicate that you are using a secure connection, namely with a lock in the URL bar.
To ensure that Carerix works with a secure connection, you must set your Carerix application to https:// connection by default. The Carerix administrator has the rights to set this:
- Go to 'Maintenance' | 'Settings'
- Ga naar het blok 'General'
- Find the setting named 'httpsRequired' set it to 'YES'
This ensures that the Carerix application automatically uses https://, so that your data traffic is better protected.
Be aware: Email and Document templates with http://
After this change, Email and/or Document templates may no longer work fully (e.g., images that no longer show) if these templates have links or images with http:// in the code. That is also the reason that Carerix does not automatically turn on https://.
What can happen with Email templates and document templates as soon as you enable HTTPs:
- Images stored on a website without SSL certificate (not HTTPS) will no longer be displayed. You can easily check this by replacing 'http://' in the address of the relevant image with 'https://'. (http://example.com/image.jpg 🡒 https://example.com/image.jpg).
So make sure the image is on a domain with HTTPs, and adjust the address in your email templates.
Be careful with using images from a website: If images are removed from the website (for example, when migrating to a new site or just during a major website cleaning), they will no longer be displayed in the email and document templates and, moreover, it will also be hard to retrieve them later on.
- The same applies to stylesheets (for example style.css), the stylesheet will no longer be loaded so that your email is no longer formatted and / or the layout is even staggered.
- Website links to a website without HTTPs will continue to work. However, if you refer to HTTPs while the website does not support HTTPs, the visitor will receive an alarming error message ('Your connection is not private'). If you manage this website, then you are well advised to install SSL and set up the website properly.
- HTTP links to a website with HTTPs are automatically redirected by the same website page but with HTTPs. So check whether this is working properly.
Make an inventory
Make an inventory fo the active email templates with HTTP links:
- Go to 'Maintenance' | 'Templates'
- Go to 'Email tab'
- Filter 'Visible'
- Filter 'Content' contains 'http://'
Are these templates you need? Decide what you want to do with the http:// links (adjust or delete). This concerns hyperlinks, images and/or style sheets (CSS).
Do you want expert help with inventorying and/or changing email templates? Or do you want us to help you on your way? Then contact your account manager.
TLS in the browser
TLS is a security standard that HTTPS uses. Carerix only supports web browsers that have a TLS version of 1.2 or higher. Read why Carerix only supports TLS version 1.2 and higher.
Labels : UD-1306, Activatie, Security & Privacy Check