AI OnAI Off
SSL and Community
No, there are no limitations regarding the use of SSL. However, using SSL over the whole site implies encrypting/decrypting operations that may slow things down in the transport layer. If the site is under heavy load, a general recommendation (and has really nothing to do with the community platform) is to use SSL only on sections where it is really needed.
Edited,
Jan 21, 2009 21:35
Hei Per,
Well, slowing things down/performance is secondary to security, so the SSL/TLS security has first priority.
But as a follow up question, do I need to write code to secure communication, or is this handled by the web server?
Jan 22, 2009 9:42
The SSL encryption/decryption is handled by the web server.
You only need to install your SSL certificate and configure IIS to use your certificate for that specific site.
Jan 22, 2009 10:08
If SSL is a vital part of the design you should install a SLL certificate on your development/test machines also to make sure you catch any gotchas early instead of the last day when you go into production with the "real" certificate.
You can create self signed certificates easy in IIS 7: http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx
On IIS 6 you use SelfSSL from the the IIS 6 resource kit.
Jan 22, 2009 11:21
Made a blog comment on this, if anyone is interested in reading a "summary"
http://mariusslette.wordpress.com/2009/01/30/securing-community-communication-with-ssl/
Feb 02, 2009 11:00
This thread is locked and should be used for reference only. Please use the Legacy add-ons forum to open new discussions.
Is there any limitationis on EPiServer Community (3.1) when it comes to using SSL on the server and entire solution?
Our client wants secure communication between client and server, and SSL will satisfy their requirements, but I dunno wether SSL and EC will function as normal still?
Thanx in advance