How do we control the enforcement of SSL on our console, or end-user pages?
Sites that use custom domain SSL
All supported versions
We are interested in modifying the way SSL/TLS is enforced for our site/interface..
There are two primary configuration settings that control SSL/TLS behavior for your site/interface. The SEC_ADMIN_HTTPS setting controls the behavior for the .NET admin console. SEC_END_USER_HTTPS controls the behavior for your end-user pages.
Enabling both will mean that SSL/TLS is forced. This is the most secure method but can lead to issues in various areas of the product if the respective SSL/TLS certificate is not in good standing for any reason.
If these settings are disabled, then the client device's request is honored, meaning that if an end-user enters HTTP in their browser, the communication will use that, while if they enter HTTPS it will use SSL/TLS, assuming there are no cert issues present.
These settings are only configurable by Technical Support. If you would like to make a change please submit a service request via Ask Technical Support.