SSL encryption can be used to secure some or all content sent back and forth between the browser and the server.  To use SSL, you must have a server certificate installed and configured on the server.  It is possible to generate your own SSL certificate or to obtain one from a trusted Certificate Authority.  Obtaining and installing an SSL certificate is beyond the scope of this document but there are plenty of  resources on the web to help you with this.

If you have an SSL certificate installed and configured on your server, you should set the SSLIsAvailable setting in the Web.config file to true. 

<add key="SSLIsAvailable" value="true" />

This key is what tells mojoPortal content management system that you have an SSL certificate installed and it will automatically cause the login, register and user profile pages to use and require SSL.  Additionally, you will now see an option on the Admin page to require all pages in the site to use SSL. If you check this box, SSL will be enforced on every page in the site.  If you leave the checkbox un-checked, you will see a setting on each page's page settings whether to require SSL for the page.  Thus you have very granular control over which pages require encryption.

Note that if you enable this setting and there is no SSL certificate installed it will cause your site to be inaccessible, so do not enable this setting until you are sure you have installed and configured an SSL certificate.

Note that if your mojoPortal installation is not a root site but is instead in a subfolder to use SSL you will also need to add this to your user.config, otherwise it will redirect incorrectly when forcing SSL.

<add key="IsRunningInRootSite" value="false" />

Multi Site Installations and SSL

If you have an installation of mojoPortal using multiple sites, there are some additional considerations for SSL. If you are using muliple sites based on folder names then all the sites have the same domain name so the SSL certificate can work for all the sites, and no further configuration is needed.

If you have multiple sites based on host names the configuration will depend on whether the host names are all for the same domain like www.yourdomain.com, demo.yourdoamin.com, foo.yourdomain.com etc. In that case if you have a wildcard SSL certificate for the domain then you can use the same SSL certificate for all sites and no further configuration is needed.

If your host names are all for different domains (like www.somedomain.com, www.someotherdomain.com, foo.somethirddomain.com) then it becomes more of a problem because only 1 SSL certificate can be bound to a given ip address on a given machine. So if only one of the sites will use SSL you can enable it for a specific site base don the site id like this:

<add key="Site1-SSLIsAvailable" value="true" />

where 1 is the site id. This will enable SSL only on the site with Site ID 1. To add SSL for other sites you would need to configure additional IIS Web Sites with different ip addresses all pointing to the same installation files. Each IIS site would have a different ip address and a different SSL certificate bound to that ip address.

Created 2012-05-31 by Joe Audette

Monetize Your Site With Site Membership Pro!