To run fully on HTTPS, Sana Commerce has to be configured to do so. Start with requesting a SSL certificate for the domain of the Sana Commerce frontend at a certificate authority (please read this chapter for more information). This means that when the Sana Commerce solution has multiple webshops (multi-shop) running on multiple domains, also multiple SSL certificates are required. No additional SSL certificate is required for the backoffice, as it runs as a virtual directory on the frontend domain. 
  • Open IIS on the production server, click right on the Sana Commerce webshop and select the properties.
  • Open the 'Directory' security tab and click the 'Server certificate' button in the 'Secure communications' section.
  • Select 'Import a certificate from a .pfx file', select the file and import it.
  • Open the 'web.config' file of the Sana Commerce backoffice web application and locate the frontend URL section. Update http to https in the URL.
  • Locate in the same file the configuration key 'system.serviceModel/client/endpoint' and update 'http' to 'https' in the URL.
  • Now Sana Commerce is configured to run on HTTPS.