Enabling SSL for a Site

Overview

When you would like to make your HTTP requests into HTTPS, DNN provides the capability of enabling SSL for the DNN environment. This can be enabled through the administrator settings. 

 

Prerequisites

  • A host/superuser account. Hosts have full permissions to all sites in the DNN instance.

 

Solution

  1. Navigate to Persona Bar >  Settings > Security.
  2. Click on the More tab. 
    SSL.JPG

     

  3. View the SSL Settings tab.
  4. Configure any of the following settings as needed:

    1.png

    • SSL Enabled: Mark the checkbox if an SSL Certificate has been installed for this site. 

    • SSL Enforced: Check the box if insecure pages (HTTP) will not be accessible with SSL (HTTPS).
      Note: The SSL Enforced option does not enforce all sessions to SSL (it does not redirect all HTTP traffic to HTTPS) but rather, causes any user who visits the site over HTTP to receive an unauthorized error page. The 'SSL enforced' setting would enforce the protocol based on the page settings. Therefore, if the page is marked as Secure Connection, it will force HTTPS; otherwise, if the page has Secure Connection disabled, it will force HTTP. 

    • In the SSL URL text box, enter a URL that will be used for secure connections for this site. This is only required if the SSL Certificate does not match the standard URL, e.g.: "www.secure.domain.com".

    • In the Standard URL text box, enter the standard site URL for non-secure connections.

    • In the SSL Offload Header Value set the name of the HTTP Header that will be checked to see if a network balancer has used SSL Offloading.

      Below is a table of the expected results if each of the DNN SSL settings is enabled depending on the request.

      SSL Enabled SSL Enforced Secure Connection Request Protocol Response Code Redirect Protocol Redirect Response Result Transformation outcome
      The switch position
      is on or off
      The switch position
      is on or off
      The switch position
      is on or off
      What should be the source browser request to get the results in the right columns The response code for the first initial request to the site using the "Request Protocol" If not empty then what protocol would be specified in the "location" header for the URL that the client browser would redirect to The response code for the second request that the client browser will send after redirect The final protocol for all of the following requests

      The logical protocol operation

      If empty, then the initial request protocol is not changed.

      Off.png

      Off.png

      Off.png

      HTTP 200     HTTP  
      HTTPS 200     HTTPS  

      On.png

      HTTP 200     HTTP  
      HTTPS 200     HTTPS  
      On.png Off.png Off.png HTTP 200     HTTP  
      HTTPS 200     HTTPS  
      On.png HTTP 301 HTTPS 200 HTTPS

      UPGRADE

      HTTP→HTTPS

      HTTPS 200     HTTPS  
      Off.png On.png Off.png HTTP 200     HTTP  
      HTTPS 301 HTTP 200 HTTP

      DOWNGRADE

      HTTPS→HTTP

      On.png HTTP 200     HTTP  
      HTTPS 200     HTTPS  
      On.png On.png Off.png HTTP 200     HTTP  
      HTTPS 301 HTTP 200 HTTP

      DOWNGRADE

      HTTPS→HTTP

      On.png HTTP 301 HTTPS 200 HTTPS

      UPGRADE

      HTTP→HTTPS

      HTTPS 200     HTTPS  
  5. Click the Save button.

  6. Enable SSL on the Page-level.

 

Testing

If the user tries to access a site via HTTP, they should automatically get redirected to the HTTPS version of the site, while SSL is enabled. 

If the SSL Enforced option is enabled as well, any user going to a site via an HTTP request would get a 403 error and not get automatically redirected.

Back to top

Comments

0 comments

Please sign in to leave a comment.