As many of you know, I work for a large hosting company, CrystalTech Web Hosting. My current position is officially titled 'Senior Developer", but I am more of a Jack of all Trades. I have done everything from server administration and troubleshooting to answering the phones in support. One of the things I have been asked frequently over this time period is what about support for SSL within DotNetNuke. The standard answer from me has always been that it will work with shared SSL, but not as the user wishes and that it would work with their own SSL certificate, but they might have to make the links manually so they can point them to the SSL URL .
Well those days are over! Starting with 4.5.4 a person can now easily enable SSL and Shared SSL support on their site. There are two locations that must settings must be set for this to work, Site Settings and Page Settings. Lets start off by looking at the Site Settings.
If you look under Advanced Settings -> SSL Settings you will see the following options:
- SSL Enabled - Check this to signify your site has SSL enabled. If you do not set this, marking a page as secure will have no effect.
- SSL Enforced - When this is set, pages that are not marked as secure will not be available via HTTPS.
- SSL URL - This is the SSL URL for your site. If you own your own SSL certificate, then you do not need to enter anything. This only is used for Shared SSL's. If you are using a Shared SSL, just enter the SSL link as specified by your hosting provider.
- Standard URL - If you are using a Shared SSL and specified a link in SSL URL, then you will need to provide the normal URL of your site.
Next we move on to Page Settings
Under Advanced Settings -> Other Settings you will find a new option, Secure. If you want a page to be served up via HTTPS, then you need to check this setting. As long as you or your Adminstrator has set the SSL Enabled setting to true (checked), then settings this to Secure would force the application to serve this page via HTTPS.
As you can see, setting up SSL for your DotNetNuke site is now easier than ever before. In this day and age of browser exploits, network sniffers, and malicious people, SSL is need to ensure your users their information is protected when sending it across the net to your site. Having SSL enabled lets your users know that you care about their information as much as they do and you are doing what is required to ensure the safety of that information.