Configure a CMS 8.x Site for HTTPS/SSL

Product: CMS

Version: CMS 8, 8.x

Published: January 5, 2010

Last updated: 1/30/2021

Comments:
0 Comments

Description

This article outlines the necessary steps to configure your CMS site for HTTPS/SSL.

Requirements

  • CMS 8.0 or earlier
  • Administrative rights on the Content Management Server
  • Valid SSL Certificate

Step-by-Step

The CMS supports three HTTPS/SSL configurations:

  • No SSL; HTTP for login and the site
  • SSL for login only; HTTP for the site
  • SSL for the entire site

These three configurations are governed by three settings:

  • requireSSL (in Web.config)
  • loginUrl (in Web.config)
  • redirectToHttpAboutLogin (in local-appsettings.config)

The correct settings are as follows:

No SSL; HTTP for login and the site:

  • requireSSL = false
  • loginUrl = secured/login.aspx
  • redirectToHttpAboutLogin = true

SSL for login only; HTTP for the rest of the site:

  • requireSSL = true
  • loginUrl = secured/seclogin.aspx
  • redirectToHttpAboutLogin = true

SSL for the entire site:

  • requireSSL = true
  • loginUrl = secured/seclogin.aspx
  • redirectToHttpAboutLogin = false

To enable HTTPS/SSL for a CMS site, complete the following steps:

  1. Enable SSL on the virtual directory or website in IIS that is associated with the CMS.

    Note: This portion of the configuration is not related to the Ingeniux CMS and is standard IIS/server administration. Additional information on enabling SSL in IIS can be found online (Ex: http://goo.gl/PNLN).
  2. Configure the CMS Web.config file for SSL:

a) Browse to the root directory of your site.

b) Open the Web.config file in a text editor.

c)Navigate to the <serviceMetadata> node and locate httpGetEnabled="true"

httpgetenabled

d) Change httpGetEnabled="true" to httpsGetEnabled="true"

httpsgetenabled

e) Navigate to the <services> node and locate the six <endpoint> nodes within


Locate endpoints as highlighted

f) Comment out each endpoint.


Comment each endpoint as highlighted

  1. Navigate to the <authentication> node.


    Forms Node

  2.  Add the requireSSL="true" attribute to the forms node.

      Require SSL attribute

  3. Adjust the loginUrl="secured/login.aspx" attribute as needed:

     Login URL

  4. Configure local-appsettings.config:

    Redirect Attribute

If the redirectToHttpAboutLogin setting isn't present, you may need to add it. The default value for the node is true.

Additional Information

Please make sure to back up the Web.config file before editing.


Comments

There are no comments yet.