Certificates and DNN as an Azure Web App Part 2
Now that the certificate has been added to the Azure Web App that runs your DNN website, it will be possible to access using the website using both HTTP and HTTPS. Test everything thoroughly as there may be a module in there that does something nasty such as having a hardcoded return URL that uses only HTTP. Note also that these instructions are for DNN 9.1.1. Older versions of DNN, before version 9, use a different admin interface but the actual changes should be much the same.
The important thing to note here is that there has been no need to do anything as exciting as reconfiguring your DNN installation so far but, to enforce the use of HTTPS, a certain amount of reconfiguration will be needed.
So, let’s look at a simple example first and that simple example will be to secure the login page. It is best practice anyway and browsers such as Chrome and Firefox will warn the end user of the end of the world if they are about to enter their details into any login page that isn’t secured.
Note that for this approach to work – your Azure Web App can use HTTP or HTTPS but the login page must use HTTPS – you will need to use a custom login page. Some third party DNN skins come with a suitable one, as the one used on this DNN portal did, but you may have to create one for yourself. If you do, all you need is to do is create a new page and, to that page, you simply add the Account Login module. Then in Site Settings – Site Behaviour – Default Pages, set your new page as the default login page.
With that done, it is times to secure your new login page. To do that, there are two steps:
The first is to enable SSL within the settings for your DNN portal. That is done from Security - More – SSL Settings and setting SSL Enabled to ON.
With that done, go to the page settings for your new login page and select Advanced – More and set the SSL Enabled option to ON.
Now test your changes by logging out and clicking on the login link provided by your site and verify that the redirect to HTTPS occurs.
In the next part – part 3 – the rather trickier task of redirecting all HTTP traffic to your DNN website to HTTPS and thus make Google (and elsewhere) happy once more. SEO is where it is at.