Security


 






DotGov HSTS and .gov Preloading Announcement

Overview

In June 2020, DotGov issued an announcement concerning HSTS and automatic preloading of .gov domains. To summarize: starting September 1, 2020, any newly issued .gov domains will only be accessible via HTTPS, and, at some point in the future, this will affect all .gov domains.

To be in compliance, all .gov domains issued after September 1st, 2020 will need to have valid SSL (TLS) certificates applied to the bindings of each .gov domain on the hosting provider’s web server. Previously issued .gov domains will also need valid certificates applied before the .gov TLD preloading occurs, at some point in the future.

 

What to do if you are a .gov domain owner

To prepare for any upcoming changes, you can ensure you are compliant by checking to see whether https://[yourdomainhere].gov loads on your CivicPlus website.

If this does not load, first check to ensure http loads. If http also does not load, check to see if the DNS record for the domain is pointing to the IP of your site.

If http loads but https does not, you may need to purchase an SSL certificate for the domain. Please contact your CivicPlus client success manager or account manager to get set up with an SSL certificate for the domain.

 

Once you are set up with HTTPS, you can take additional steps to avoid mixed content errors and enable HTTPS-only to redirect any insecure domains or http requests to https. 

If you are currently covered by a DDoS Advanced Security package or Platinum Security package for the domain, you can contact CivicEngage Support to have HSTS enabled now, before it is enforced by the TLD preloading measures.




I'd Like to Request an Enhancement

0 out of 0 found this helpful

Updated:
Follow

Article Feedback