Table of Contents: 2016 SEPTEMBER–OCTOBER No. 412
NCBI Secure Web Site Test on September 26, 2016. NLM Tech Bull. 2016 Sep-Oct;(412):b5.
To improve security and privacy, and by Federal government mandate, NCBI is moving all of its Web sites and services, including Web APIs, to HTTPS only by September 30, 2016. This change will provide you with greatly increased privacy and security on the NCBI site.
To prepare for this change, NCBI will be running a series of tests. During testing, most web traffic will be moved to HTTPS for a short period to check for problems and ensure all resources work properly within HTTP.
Testing is scheduled for 8:00 - 9:00 AM, Eastern Standard Time (12:00 - 13:00 UTC), on Monday, September 26, 2016. The results of that first test will determine how many more tests we need, and for how long. We will announce each test on the Web site at least 24 hours before the test begins.
Starting Tuesday, September 27, 2016 at 8:00 AM EDT (12:00 UTC), all Web page traffic will permanently redirect from http to https. After that time, your browser will always access NCBI using https. We are making this switch a few days before the September 30 deadline in order to troubleshoot any problems that may occur.
Hopefully, you will notice nothing more than improved
privacy and security. In your Web browser's address bar,
you will notice that the Web address (URL) will start with
https:// (instead of http://).
You should also see a small green padlock icon that
indicates that the NCBI Web site security is working
properly.
You may also notice that, as soon as you click a Web
link, use a bookmark, or type a URL into your browser's
address bar, the URL immediately changes from one starting
with https://.
This behavior is normal during the test, and will be the
standard behavior for http:// URLs after NCBI
switches to HTTPS only.
However, you may see minor problems such as:
These events are all logged as errors by our servers. There is no need for you to report them to NCBI.
NCBI's analysis tools should be able to identify and log
most problems during the test, so there is usually no need
to report problems to NCBI. If the page you want to use
doesn't work during the test period, wait until the test is
over and try again. If your problem continues, you may need
to change the URL in the address bar to start with
http:// instead of https:// (again, after the
test has ended.) If your Web request was for a long-running
process such as a BLAST job, resubmit the search and run it
again. You can also try cleaning your browser's cache and
clearing cookies.
If these attempts fail, then contact us using the Help Desk link (at the bottom right of most pages, in the page footer), explaining the problem in detail. Or send email to the NCBI service desk at info@ncbi.nlm.nih.gov, describing the problem.
If you have scripts or programs that access NCBI Web services, such as E-utilities and BLAST URL-API, your service may or may not work correctly during the test period. If you have doubts, you may want to try running your scripts or starting your program during the test period to see whether it operates correctly, or needs to be updated. (There's no need to wait for the test. We have set up test servers that you can use to run those tests with your scripts and programs at any time.) See HTTPS at NCBI: Guidance for users of NCBI Web APIs for advice on how to update programs and scripts to use HTTPS.
Commercial or open-source desktop client software that accesses PubMed, BLAST, or other NCBI resources; or commercial or open-source Web tools like proxy servers or browser extensions, may fail during the test period. In this case, please directly contact the software author vendor. You may want to send them the link to HTTPS at NCBI: Guidance for users of NCBI Web APIs.
For questions, comments, or problems, contact the NCBI service desk at info@ncbi.nlm.nih.gov.
