Introduction

SSL is the backbone of our secure Internet and it protects your sensitive information as it travels across the world. It keeps the Internet from being ruled by anarchists and criminals and provides many direct benefits to you and your customers.

Configuration of SSL on DotNetNuke needs some setting in the application. It requires SSL certificate installation on the server for the application which you want to secure and some site level SSL settings at two different levels within the site to allow the new feature to work. 

Implementation

SSL configuration in DotNetNuke is a two steps process:
 
   1. Install SSL certificate in IIS
   2. DNN SSL settings

Install SSL certificate in IIS

You can get the SSL certificate which you have purchased either by email of from your SSL Manager account. Copy your SSL certificate and paste it into simple text editor such as Notepad. SSL certificate looks like an encoded text string containing alphanumeric characters and some special symbols.
 

Save this certificate with .cer extension on any location where you can find it later.
 
Open IIS Manager from Administrative Tool or by running command inetmgr. Right-Click the website on which you want to install the SSL certificate then clicks on Properties. Select Directory Security tab and click on Server Certificate under Secure Communication section.



Welcome to the Web Server Certificate Wizard will start.



Click on Next button in the wizard window. Select Process the pending request and install the certificate and Click Next.



Browse the certificate file when prompted to locate your web server certificate. Click Next.



Verify SSL Port 443 in the SSL Port dialog box. Review the Certificate Summary screen and ensure that you are processing the correct certificate. Click Next. Click Finish to complete the IIS Certificate Wizard. Again Right-Click on the site in IIS and open the Properties of the site. Select the Web Site tab. In the Web Site Identification section, make sure that your site has an IP address and the SSL port is 443.




Click OK.

DNN SSL settings

The first addition is "Site Settings" section to allow definition of settings that are specific to the entire site. The second addition is "Page Settings" that actually determines if SSL is to be used. We will discuss each of these one by one.

SSL Site Level Settings:

Open your DNN website by using http URL. Go to Admin -> Site Settings page.



On the site settings page, expand the Advanced Settings section and locate the SSL Settings section. Expand the SSL Settings section that looks like the below.



Click on SSL Enabled checkbox and click on Update. These settings apply to the entire portal and are the first items you need to modify to enable SSL within your portal. Each individual setting will be discussed below. You can also find the help about these settings by clicking on the help link just before the text.

SSL Enabled : Specify whether an SSL Certificate has been installed for this site.

SSL Enforced : When this option is set, Pages which are not marked as Secure will not be accessible with SSL (HTTPS)

SSL URL : Optionally specify a URL which will be used for secure connections for this site. This is only necessary if you do not have an SSL Certificate installed for your standard site URL. An example would be a shared hosting account where the hosting partner provides you with a Shared SSL URL.

Standard URL : If an SSL URL is specified above, you will also need to specify a Standard URL for unsecure connections.

SSL Page Level Settings:

Go to Admin -> Pages. It will show you the list of pages of the site on which you can navigate through menu or links under different pages. Choose the page which you want to transmitted via SSL and click on edit icon. You will notice one additional "Secure" setting under the Advanced -> Other settings. This section is available in DNN 4.5.4 or later version's websites.



This individual setting actually enforces the SSL requirement for a page. If a page has this option selected it will be transmitted via SSL for every request.

Limitations

You have seen that configuring SSL in DotNetNuke is very simple. But you have to take care of some items while configuring SSL. You must be very careful during the administrative process to ensure that your SSL is configured properly. It is important to remember that SSL is enabled on a page level and there is no ability to conditionally protect a page using SSL.

Copyrights 2018, www.expertsupdates.com