To run fully on HTTPS, Sana Commerce has to be configured to do so. Start with requesting a SSL certificate for the domain of the Sana Commerce front-end at a certificate authority (please read this chapter for more information). This means that when the Sana Commerce solution has multiple websites (multi-site) running on multiple domains, also multiple SSL certificates are required. No additional SSL certificate is required for the backoffice, as it runs as a virtual directory on the front-end domain. 
  • Open IIS on the production server, click right on the Sana Commerce website and select the properties.
  • Open the 'Directory' security tab and click the 'Server certificate' button in the 'Secure communications' section.
  • Select 'Import a certificate from a .pfx file', select the file and import it.
  • Open the 'web.config' of the Sana Commerce backoffice web application and locate the front-end URL section. Update http to https in the URL.
  • Locate in the same file the configuration key 'system.serviceModel/client/endpoint' and update 'http' to 'https' in the URL.
  • That's it; Sana Commerce is now configured to run on HTTPS.