Overview
To serve a site over HTTPS instead of HTTP, DNN provides the capability of enabling SSL for the DNN environment. This is enabled through the administrator settings.
Prerequisites
- A host/superuser account. Hosts have full permissions to all sites in the DNN instance.
Solution
- Navigate to Persona Bar > Settings > Security.
- Click on the More tab.
- View the SSL Settings tab.
- Configure any of the following settings as needed:
  - SSL Enabled: Mark the checkbox if an SSL Certificate has been installed for this site.
  - SSL Enforced: Check the box if pages that are not marked as secure (HTTP) should not be accessible with SSL (HTTPS).
    Note: The SSL Enforced option does not force all sessions onto SSL (it does not redirect all HTTP traffic to HTTPS); rather, it causes any user who visits the site over HTTP to receive an unauthorized error page. The SSL Enforced setting enforces the protocol based on the page settings: if the page is marked as Secure Connection, it forces HTTPS; if the page has Secure Connection disabled, it forces HTTP.
  - In the SSL URL text box, enter a URL that will be used for secure connections for this site. This is only required if the SSL Certificate does not match the standard URL, e.g.: "www.secure.domain.com".
  - In the Standard URL text box, enter the standard site URL for non-secure connections.
  - In the SSL Offload Header Value field, set the name of the HTTP header that will be checked to see if a network balancer has used SSL Offloading.
The table below shows the expected results for each combination of the DNN SSL settings, depending on the request.

Columns:
- SSL Enabled, SSL Enforced, Secure Connection: The switch position is on or off.
- Request Protocol: What the source browser request should be to get the results in the columns to the right.
- Response Code: The response code for the initial request to the site using the "Request Protocol".
- Redirect Protocol: If not empty, the protocol specified in the "location" header for the URL that the client browser would redirect to.
- Redirect Response: The response code for the second request that the client browser will send after the redirect.
- Result: The final protocol for all of the following requests.
- Transformation outcome: The logical protocol operation. If empty, then the initial request protocol is not changed.

| SSL Enabled | SSL Enforced | Secure Connection | Request Protocol | Response Code | Redirect Protocol | Redirect Response | Result | Transformation outcome |
|---|---|---|---|---|---|---|---|---|
| | | | HTTP | 200 | | | HTTP | |
| | | | HTTPS | 200 | | | HTTPS | |
| | | | HTTP | 200 | | | HTTP | |
| | | | HTTPS | 200 | | | HTTPS | |
| | | | HTTP | 200 | | | HTTP | |
| | | | HTTPS | 200 | | | HTTPS | |
| | | | HTTP | 301 | HTTPS | 200 | HTTPS | UPGRADE HTTP→HTTPS |
| | | | HTTPS | 200 | | | HTTPS | |
| | | | HTTP | 200 | | | HTTP | |
| | | | HTTPS | 301 | HTTP | 200 | HTTP | DOWNGRADE HTTPS→HTTP |
| | | | HTTP | 200 | | | HTTP | |
| | | | HTTPS | 200 | | | HTTPS | |
| | | | HTTP | 200 | | | HTTP | |
| | | | HTTPS | 301 | HTTP | 200 | HTTP | DOWNGRADE HTTPS→HTTP |
| | | | HTTP | 301 | HTTPS | 200 | HTTPS | UPGRADE HTTP→HTTPS |
| | | | HTTPS | 200 | | | HTTPS | |
- Click the Save button.
- Enable SSL at the page level.
Testing
While SSL is enabled, a user who tries to access the site via HTTP should automatically be redirected to the HTTPS version of the site.
If the SSL Enforced option is enabled as well, any user going to the site via an HTTP request would get a 403 error and would not be automatically redirected.
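The following Python script is an added example, not part of the original article or of DNN. It classifies the first response to a request the way the Result and Transformation outcome columns of the table above do, and lists the pages that end up served over plain HTTP. The host name, the sample observations and the BLOCKED label are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def probe(url):
    """Fetch url once without following redirects; return (status, Location)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def classify(url, status, location=None):
    """Map one first response to (Result protocol, Transformation outcome)."""
    req = urlsplit(url).scheme.upper()
    if status == 403:
        return None, "BLOCKED"  # label chosen for this example, not a DNN term
    if status in REDIRECTS and location:
        # A relative Location header keeps the scheme of the request.
        target = urlsplit(location).scheme.upper() or req
        if (req, target) == ("HTTP", "HTTPS"):
            return target, "UPGRADE"
        if (req, target) == ("HTTPS", "HTTP"):
            return target, "DOWNGRADE"
        return target, ""
    return req, ""

def cleartext_pages(observations):
    """Return URLs whose final protocol is HTTP, i.e. content served unencrypted."""
    return [url for url, status, loc in observations
            if classify(url, status, loc)[0] == "HTTP"]

# Constructed observations (hypothetical host), shaped like rows of the table.
SAMPLE = [
    ("http://dnn.example.test/login", 301, "https://dnn.example.test/login"),
    ("https://dnn.example.test/news", 301, "http://dnn.example.test/news"),
    ("http://dnn.example.test/about", 200, None),
    ("https://dnn.example.test/login", 200, None),
    ("http://dnn.example.test/account", 403, None),
]

if __name__ == "__main__":
    for url, status, loc in SAMPLE:
        print(url, status, classify(url, status, loc))
    print("served over HTTP:", cleartext_pages(SAMPLE))
```

To check a real site, pass the output of probe(url) for each page into classify; any page that handles credentials or session data should not appear in the cleartext_pages result.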