Sitecore and SSL

With the new rules surrounding data being increasingly more important, we must all take the necessary steps to ensure that the data being used on the sites we develop is transferred from client to server securely.

To enable SSL in your sitecore site, you will need to make sure that the following has been set.

1 – Specify the schema in your configurtation

<sitecore>
<sites>
<site name="sitename" patch:after="site[@name='modules_website']" 
targetHostName="yoursite.azurewebsites.net" port="443" externalPort="80" scheme="https" />
</sites>
</sitecore>

Note: Do not place the scheme in the targetHostName. You will end up with double scheme names in your url e.g http://http://

2. Adding an IIS rewrite rule

IF you have users who load the URL via HTTP. Force them not to

<system.webServer>
 <rewrite>
 <rules>
 <rule name="ForceSSL" stopProcessing="true">
 <match url="(.*)" />
 <conditions>
 <add input="{HTTPS}" pattern="^OFF$" />
 </conditions>
 <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
 </rule>
 </rules>
 </rewrite>
 </system.webServer>
Advertisements