help.axcms.netAxinom Logo
Save Save Chapter Send Feedback over HTTPS


Securing Management System

First of all you should configure IIS to use HTTPS by adding HTTPS binding to your website. Note that you have to have only HTTPS binding for the site - having both HTTP and HTTPS binding usually does not make sense.

After IIS is configured and login page opens over HTTPS, continue with configuring to use HTTPS. First, change CMSApplicationHostName in web.config to use https, e.g. https://localhost

Then, change WCF configuration to use HTPPS

  1. Change <serviceMetadata> element:
    <serviceMetadata httpsGetEnabled="true" />
  2. Add          
    <security mode="Transport">
    <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
    to <binding name="myServicesBinding"> element
  3. Change <endpoint address="mex"> element to
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />

To allow to render pages, your server root authority certificate has to be saved to Root Authority.crt file in AxCMSweb root folder:

  1. Run certmgr.msc
  2. Go to Trusted Root Certification Authorities and find authority that matches authority of your server certificate
  3. Export it in DER encoded binary X.509 format to Root Authority.crt file in AxCMSweb root folder.