Enabling HTTPS

To protect sensitive data when customers post forms for checkout or login the page should be encrypted. This section explains how to enable SSL security.

What is HTTPS?

Encryptions of the request is called SSL or HTTPS. It's the same standard that the payment providers and internet banking sites are using to ensure that customer data is not visible for everyone. It also helps to ensure the data is not modified between client and server, so that for example the amount transferred or the recipient account number does not change.

Enable HTTPS in Litium

Litium has built-in support for automatic redirect to secure or non-secure connections for each page type, without any development.

By web site

Edit the website in Settings and select On for the option Use Secure Connection.

By page type

Simply choose the preferred setting by checking  Use secure connection for this page type when editing the page type in Settings.  

SSL img 1.png

To use this feature you need a certificate installed on your hosting server. The certificate is not included in Litium. Ask your hosting company for help when buying the certificate to get the correct type and installation.

If you want to disable SSL on your server, for example if you have multiple environments like production and development and want to shut SSL off in the development environment, you can choose to disable secure connection in web.config. If you change the global setting to False no automatic redirection will be made.

You find the setting in the cms section inside the litium\studio section group.

SSL img 2.png

We recommend using secure connection for sites and page types that handle sensitive information; for example logins and checkout.

Creating a self signed certificate in IIS

The SSL certificate needs to be installed on the IIS server for the pages configured to use secure connection to work. For developer and test machines, a self signed certificate can be created as follows.

Go to IIS and click Server Certificates > Create Self-Signed certificate.



Assign your certificate to an HTTPS binding of your website as shown below.



Pages of the types that have been selected to use secure connections will now automatically be rendered using the HTTPS standard with SSL encryption.