Enable https

To protect sensitive data when customers post forms for checkout or login the page should be encrypted. This section explains how to enable SSL security.

What is https?

Encryptions of the request is going under the term SSL or HTTPS and is the same standard that our payment provider or internet banking sites are using to ensure that customer data is not visible for everyone. It also helps to ensure the data is not modified between client and server so that for example amount or recipient account number is unchanged.

Enable https in Litium

Litium has built-in support for automatic redirect to secure or non-secure connections for each page type, without any development.

By Web site

Edit the website in settings and select "On.." for the option "use secure connection".

By PageType

Simply choose the preferred setting by checking  “Use secure connection for this page type” when editing the page type in Settings.  

SSL img 1.png

To use this feature you need a certificate installed on your hosting server. The certificate is not included in Litium. Ask your hosting company for help when buying the certificate to get the correct type and installation.

If you want to disable SSL on your server, for example if you have multiple environments like production and development and want to shut SSL off on the development environment, you can choose to disable secure connection in web.config. Changing the global setting to “False” will mean that no automatic redirection is made.

You find the setting in the cms section inside the litium\studio section group.

SSL img 2.png

We recommend using secure connection on sites and page types that handle sensitive information; for example logins or checkout.

Creating a self signed certificate in IIS

The SSL certificate need to be installed in the IIS server for the pages configured to use secure connection to work. For developer and test machines, a self signed certificate can be created as follows.

Go to IIS and click the "Server Certificates" and Click "Create Self-Signed certificate".

ssl1.png

 

Assign your certificate to a HTTPS binding of your website as shown below.

ssl2.png

 

The pages of page types which is marked to use secure connection now will automatically be rendered using HTTPS standard with SSL encription.

Is this page helpful?
Thank you for your feedback!