SSL and Community

Member since: 2005
 

Is there any limitationis on EPiServer Community (3.1) when it comes to using SSL on the server and entire solution?

Our client wants secure communication between client and server, and SSL will satisfy their requirements, but I dunno wether SSL and EC will function as normal still?

Thanx in advance

#27173 Jan 19, 2009 15:02
  • Member since: 2008
     

    No, there are no limitations regarding the use of SSL. However, using SSL over the whole site implies encrypting/decrypting operations that may slow things down in the transport layer. If the site is under heavy load, a general recommendation (and has really nothing to do with the community platform) is to use SSL only on sections where it is really needed.

    #27243 Edited, Jan 21, 2009 21:35
  • Member since: 2005
     

    Hei Per,

    Well, slowing things down/performance is secondary to security, so the SSL/TLS security has first priority.

    But as a follow up question, do I need to write code to secure communication, or is this handled by the web server?

    #27247 Jan 22, 2009 9:42
  •  

    The SSL encryption/decryption is handled by the web server.

    You only need to install your SSL certificate and configure IIS to use your certificate for that specific site.

    #27248 Jan 22, 2009 10:08
  • Member since: 2005
     

    Ok, thanks Cool

    #27249 Jan 22, 2009 10:20
  • Member since: 1999
     

    If SSL is a vital part of the design you should install a SLL certificate on your development/test machines also to make sure you catch any gotchas early instead of the last day when you go into production with the "real" certificate.

    You can create self signed certificates easy in IIS 7: http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx

    On IIS 6 you use SelfSSL from the the IIS 6 resource kit.

     

     

    #27263 Jan 22, 2009 11:21
  • Member since: 2005
     

    Made a blog comment on this, if anyone is interested in reading a "summary"

    http://mariusslette.wordpress.com/2009/01/30/securing-community-communication-with-ssl/

    #27522 Feb 02, 2009 11:00
This thread is locked and should be used for reference only. Please use the Legacy add-ons forum to open new discussions.
Please login to post a reply