The Redirect to SSL widget redirects the current page to a secure connection if the page was requested over a non-secure channel. This is useful if you have a page that transmits sensitive data, and you want to protect the transmission of that data.
Dropping the SSL widget on a page doesn't change any permissions for the group on the page.
The widget will not redirect to SSL when it is viewed in preview mode (such as when you are editing a page).
You shouldn't drop this widget onto a page until you have SSL set up and working on your site.
This widget works on any page, but it only makes sense in locations where you want to redirect to a secure location.
- Navigate to Control Panel Dashboard > System Administration > Site Administration > Widget Studio > Enable/Disable widgets.
- If it is not already present in Allowed widgets, move the widget from the Not Allowed Widgets column to the Allowed Widgets column.
- Click Edit Page, then select and place the Redirect to SSL widget. There is no further configuration of the widget in the GUI. (However, there are configuration file modifications to be made.)
- Click Save Page.
Once you place the widget on the page and save it there, the URL for the page will change from http://~ to https://~.
Perform additional configuration
- Enable SSL by changing the communityserver_override.config file to enable SSL.
- In communityserver_override.config, change
<Core defaultTheme="fiji" defaultGroupTheme="fiji" defaultLanguage="en-US" disableEmail="false" disableIndexing="false" disableThreading="false" cacheFactor="5" smtpServerConnectionLimit="-1" enableLatestVersionCheck="true" systemType="Self" backwardsCompatiblePasswords="false" ssl="Ignore" defaultRoles="Everyone;Registered Users" wwwStatus="Remove" enableVirtualization="false" enableProductListing="true" enableUsersOnline="true" announcementRssUrl="http://telligent.com/r.ashx?43" proxyHost="" proxyPort="" proxyUsername="" proxyPassword="" proxyBypassOnLocal="true" enableBackgroundCacheCallbacks="false" xFrameOptions="SAMEORIGIN" unlockUserAfterMinutes="5" lookupUsersByEmail="false">
- SSL="Password" if you are changing the membersearch.aspx page
- SSL="All" for other files
- Touch the web.config file.
- In addition to requiring SSL for your pages, it is recommended to also require SSL transmission of the Forms session cookie. If you are using Forms Authentication, edit the web.configfile to secure the Forms session cookie. In the following entry,
<forms name=".Telligent.Evolution" protection="All" timeout="10080" loginUrl="login.aspx" slidingExpiration="false" />
<forms name=".Telligent.Evolution" protection="All" timeout="10080" loginUrl="login.aspx" slidingExpiration="false" requireSSL="true" />