Join our community!
Is there any limitationis on EPiServer Community (3.1) when it comes to using SSL on the server and entire solution?
Our client wants secure communication between client and server, and SSL will satisfy their requirements, but I dunno wether SSL and EC will function as normal still?
Thanx in advance
No, there are no limitations regarding the use of SSL. However, using SSL over the whole site implies encrypting/decrypting operations that may slow things down in the transport layer. If the site is under heavy load, a general recommendation (and has really nothing to do with the community platform) is to use SSL only on sections where it is really needed.
Hei Per,
Well, slowing things down/performance is secondary to security, so the SSL/TLS security has first priority.
But as a follow up question, do I need to write code to secure communication, or is this handled by the web server?
The SSL encryption/decryption is handled by the web server.
You only need to install your SSL certificate and configure IIS to use your certificate for that specific site.
Ok, thanks
If SSL is a vital part of the design you should install a SLL certificate on your development/test machines also to make sure you catch any gotchas early instead of the last day when you go into production with the "real" certificate.
You can create self signed certificates easy in IIS 7: http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx
On IIS 6 you use SelfSSL from the the IIS 6 resource kit.
Made a blog comment on this, if anyone is interested in reading a "summary"
http://mariusslette.wordpress.com/2009/01/30/securing-community-communication-with-ssl/