SOAR

SOAR Customers,

Some of your members may be seeing a Security Warning (SSL) when accessing your SOAR scouting website. We wanted to provide you details on why it is occurring and options for them to address it.

This message DOES NOT affect the security of your SOAR website. It is just a warning message. Your SOAR website is still secured with SSL certificates even though a member might be getting a warning. This does not affect email features of your website.

When you access a website, your browser encrypts the data being sent and returned using a protocol called SSL (Secure Sockets Layer). This is done to prevent eavesdropping on the information and stealing things like passwords and sensitive information.

SSL Certificates are installed on your SOAR website to accomplish this. These certificates are created through a domain verification process that ensures their validity. The whole process revolves around a chain of security starting with things called Root Certificates. To ensure security, these Root Certificates are distributed though the operating systems - Windows, Mac, Android, etc.

When your members are seeing a Security Warning it is because they do not have updated Root Certificates on their computer, because their operating system is very old, is not being updated anymore, including these Root Certificates. So…. the warning is really related to not having updated Root Certificates on their computer, not a real security issue.

These members have the following options:

1. Ignore the warning
   As noted previously, there is no real security issue. They can just ignore the warning and proceed to your scouting website.
2. Use your .mytroop.us or .mypack.us domain
   We have purchased new SSL certificates for these domains that get around the issue by linking to a Root Certificate that is still valid on older machines. Using this method they will not get the warning. Other than a difference in domain name, their experience on your SOAR website will be the same.
   To secure your vanity domains like www.troop123.com we use a provider called LetsEncrypt that provides free SSL Certificates for each of your domains. Unfortunately there are no free SSL certificates that do not link to one of these non-updated Root Certificates on older devices.
3. Use Firefox browser
   The Firefox browser does not rely on the operating system for Root Certificates and will pick up the updated ones on its own, independent of the operating system. Using this browser on any older device should remove the warning.
4. Update operating system/device
   While last on the list of options, we wanted to mention this option because the issue these members are having is not limited to your SOAR scouting website. These members will start experiencing this issue (and others) with a variety of websites on the Internet moving forward.

SOAR Support