Secure Sockets Layer (SSL) is a protocol that provides communication security over the network. SSL is useful when you have sensitive information, such as login credentials or credit card information, transferred over the network.
If your site requires the use of SSL certificate, you must perform the following:
PREREQUISITES: Sitefinity CMS requires that you setup the http binding on port 80 and the https binding on port 443.
After you have setup and tested the certificate, you can configure any page – backend or frontend, to require the SSL certificate. We recommend that you require SSL on all frontend and backend login pages, where login credentials are transferred over the network.
After you have installed the SSL certificate on your site, you can configure selected pages to be served under the https:// protocol, while the rest to continue to be served under the http:// protocol.
Every page created in Sitefinity CMS can be configured to be served explicitly under https:// protocol. This behavior is controlled by the Require SSL property available in the page Advanced options. It is disabled by default. To enable it, perform the following steps:
In the scenario where you configure only certain frontend pages to Require SSL ,and you have some frontend pages that will be served under http:// protocol only, you need to configure Sitefinity CMS to allow for the transition between the two protocols. To enable frontend pages, that have not been explicitly configured to Require SSL, to be served under http:// only, perform the following steps:
After you have installed the SSL certificate on your site, to setup all frontend pages to be served under the https:// protocol, you must set the Require SSL property to true for all frontend pages. To automate the task you can execute the following code:
Additionally you must disable the Remove ssl when the page does not require it setting, to ensure that Sitefinity CMS will not allow serving pages under http://, when they have not been explicitly configured to Require SSL. This way you can enforce https:// protocol for the whole site frontend. For example, if Remove ssl when the page does not require it setting is disabled, even if someone adds a new page and forgets to enable RequireSSL, as long as users are navigating to that new page from an https:// page, the new page will get served under https://. To configure this behavior, perform the following:
Click Save changes.
To configure backend pages to require SSL, perform the following:
NOTE: The key above is an example. You must add the same key that is used in the other security token issuers.
IMPORTANT: Do not remove the existing issuer binding to http://localhost
NOTE: You might need to change the Relying Parties configuration, especially when you have Load Balancing configured, so that users avoid getting a Redirect Loop when they try to login to the backend. For more information, see Configure Security.
Back To Top
To submit feedback, please update your cookie settings and allow the usage of Functional cookies.
Your feedback about this content is important
Copyright © 2020 Progress Software Corporation and/or its subsidiaries or affiliates.
All Rights Reserved.
Progress, Telerik, Ipswitch, and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.
Powered by Progress Sitefinity