How do the SEC_ADMIN_HTTPS and SEC_END_USER_HTTPS keys work?

Expand

Collapse

Advanced SearchOpens new dialog

Enter plus (+) or minus (-) signs in search terms to make a word required or excluded
Search Tips

Search terms

Screen Reader users press enter to select a Filter by product. Filter by product

Screen Reader users press enter to select a Filter by category. Filter by category

Sort by Direction

Answer ID 10562 | Last Review Date 01/29/2019

How do we control the enforcement of SSL on our console, or end-user pages?

Environment:

Sites that use custom domain SSL
All supported versions

Issue:

We are interested in modifying the way SSL/TLS is enforced for our site/interface..

Resolution:

There are two primary configuration settings that control SSL/TLS behavior for your site/interface. The SEC_ADMIN_HTTPS setting controls the behavior for the .NET admin console. SEC_END_USER_HTTPS controls the behavior for your end-user pages.

Enabling both will mean that SSL/TLS is forced. This is the most secure method but can lead to issues in various areas of the product if the respective SSL/TLS certificate is not in good standing for any reason.

If these settings are disabled, then the client device's request is honored, meaning that if an end-user enters HTTP in their browser, the communication will use that, while if they enter HTTPS it will use SSL/TLS, assuming there are no cert issues present.

These settings are only configurable by Technical Support. If you would like to make a change please submit a service request via Ask Technical Support.

Loading...

Login

How do we control the enforcement of SSL on our console, or end-user pages?

Was this answer helpful?

Still have questions?

Available Languages for this Answer:

Related Answers

Login