HTTPS

Partial HTTPS

Sana Commerce can also be configured so that a part of the front-end website runs on HTTPS (not supported for the Sana Commerce BackOffice). For example, it is possible to run only the order process on HTTPS.
 
To accomplish this, first you should determine which pages have to run secure and which not. This separation is done on a physical file level, so it is not possible to configure one content page to be secure and another not. When such a requirement is desired a separate template has to be created.
 Complete all steps from this chapter to install a SSL certificate for the website(s).
  • Open the 'web.config' of the Sana Commerce front-end web application in any text editor.
  • Locate the 'httpModule' configuration section and uncomment the 'SSLModule' line. This ensures that for all ASP.NET requests the SSL Module is called.
  • Now locate the 'secureWebPages' configuration section and uncomment it.
  • Specify the encrypted and unencrypted URLs on which the Sana Commerce front-end is running. Make sure the attribute 'Mode' is set to 'On'.
  • All pages that should be secure can be specified in the files node. To add a page, paste an extra line of this format: <add path="FILENAME" /> where FILENAME should be replaced with the name of the file that should be secure. To (temporarily) set a page to insecure (HTTP) add the attribute secure="Insecure" to this node.
  • All directories that should be secure can be specified in the directories node. To add a directory, paste an extra line of this format: <add path="FOLDERNAME" /> where FOLDERNAME should be replaced with the name of the folder that should be secure. When setting the attribute 'recurse' to "True", all content in this folder will be secure and thus only available through HTTPS.