How can I enable SSL for the entire nopcommerce site?

1 2 3 >
Posted: January 16, 2013 at 1:39 PM Quote #87430
I have enabled SSL, and it works fine for cart/checkout etc. However, when I type https://mystore.com it just got redirected to http://mystore.com

What should I do to force a https for the entire website?
Thanks for any help!
This post/answer is useful
2
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: January 16, 2013 at 2:31 PM Quote #87433
That was changed in a recent version because there is no reason for the other pages throughout the site to use an SSL as there is nothing that needs to be encrypted on them. It can also speed up the speed of the site along with helping with SEO problems that can be caused by having an https and http version of a page. If you want to change that I am not sure what is entailed.
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Thank you,

Blake Smith
http://www.silhouetteweb.com
Posted: January 17, 2013 at 6:47 PM Quote #87520
I ran into this with a client a while back.  Some clients just want that little padlock to show up on all pages.  A reasonable request.

What I did was completely remove all references to controller attribute NopHttpsRequirment.  After this I added a custom inbound url rule in IIS that looked something like this.

Pattern: (.*)
Conditions: {HTTPS} Matches the Pattern ^OFF$
Action: Redirect https://{HTTP_HOST}/{R:1} Permanent 301

Easy peasy.

The alternative would be to decorate all base controllers with NopHttpsRequirement and require SSL.  Also pretty easy.  I just prefer the 301 permanent redirect method personally.

t
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Trevor C.
Posted: January 18, 2013 at 2:26 AM Quote #87534
Just set "SecuritySettings.ForceSslForAllPages" setting to "true"
This post/answer is useful
12
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Interested in the dedicated Premium support services provided by core developers? Please visit http://www.nopcommerce.com/supportservices.aspx

Regards,
Andrei Mazulnitsyn
Posted: May 31, 2013 at 9:00 PM Quote #97940
a.m. wrote:
Just set "SecuritySettings.ForceSslForAllPages" setting to "true"


I have same issue, Where do I do this?
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: August 25, 2013 at 6:02 AM Quote #103916
How can i see that sSL is working ? I have SSL installed on my site (ARVIXE) and I ve checked the Force SSL on all site, but i don't see any lock on the webaddress of chrome.

Please could you help me ?
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: September 03, 2013 at 12:34 AM Quote #104501
similar issue here:
securitysettings.forcesslforallpages does absolutely nothing!
if you type http://yourwebsite.com , it still shows unencrypted.
only if you type https://yourwebsite.com, does it encrypt all the pages

What I'd like to see is: the login page, checkout page and customer pages encrypted.
It would be nice if ALL the admin pages were encrypted -
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: September 03, 2013 at 12:38 AM Quote #104502
joebloe wrote:
I ran into this with a client a while back.  Some clients just want that little padlock to show up on all pages.  A reasonable request.

What I did was completely remove all references to controller attribute NopHttpsRequirment.  After this I added a custom inbound url rule in IIS that looked something like this.

Pattern: (.*)
Conditions: {HTTPS} Matches the Pattern ^OFF$
Action: Redirect https://{HTTP_HOST}/{R:1} Permanent 301

Easy peasy.

The alternative would be to decorate all base controllers with NopHttpsRequirement and require SSL.  Also pretty easy.  I just prefer the 301 permanent redirect method personally.

t


Thanks for the advice!!! ForceSslForAllPages does nothing unless you actually type in HTTPS (which no one ever does making the setting moot)
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: September 06, 2013 at 11:16 AM Quote #104815
joebloe wrote:
I ran into this with a client a while back.  Some clients just want that little padlock to show up on all pages.  A reasonable request.

What I did was completely remove all references to controller attribute NopHttpsRequirment.  After this I added a custom inbound url rule in IIS that looked something like this.

Pattern: (.*)
Conditions: {HTTPS} Matches the Pattern ^OFF$
Action: Redirect https://{HTTP_HOST}/{R:1} Permanent 301

Easy peasy.

The alternative would be to decorate all base controllers with NopHttpsRequirement and require SSL.  Also pretty easy.  I just prefer the 301 permanent redirect method personally.

t


For some reason on IIS 8 this doesn't work (at least for me). Could be they changed something. I didn't check. However this does

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
        <rewrite>
            <rules>
                <rule name="Redirect to HTTPS" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
                </rule>
            </rules>
        </rewrite>
  </system.webServer>

I merely had to change R:1 to R:0 and enable SSL and it works.

So maybe IIS7 and 8 are different. I haven't tested it with IIS7 (windows 7 / SBS 2010 etc) or on 2012 yet.
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: October 29, 2013 at 11:11 PM Quote #108032
vinee wrote:
Just set "SecuritySettings.ForceSslForAllPages" setting to "true"

I have same issue, Where do I do this?


Go to

Admin --> Configuration --> Settings ---> All Settings (Advanced)

Click the "Funnel" Type icon next to Setting Name Column. Using that filter, filter for "SecuritySettings.ForceSslForAllPages" and update the setting.

Caution: You can update almost all the settings of nop commerce from this screen.
This post/answer is useful
2
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Kind Regards,
Jey

Please up vote if my answer did help you to solve your problem.
1 2 3 >
Premium support services
  • Dedicated premium support services provided by core developers are intended for persons who run mission critical websites, work on projects with tight deadlines, or want to get dedicated support.
Professional services
  • Want to open a new store? Want to take your store to the next level? Need a custom extension? We can customize nopCommerce to fit your store perfectly. Request a quote to get started.