Securing Management System
First of all you should configure IIS to use HTTPS by adding HTTPS binding to your website. Note that you have to have only HTTPS binding for the site - having both HTTP and HTTPS binding usually does not make sense.
After IIS is configured and AxCMS.net login page opens over HTTPS, continue with configuring AxCMS.net to use HTTPS. First, change CMSApplicationHostName in web.config to use https, e.g. https://localhost
Then, change WCF configuration to use HTPPS
- Change <serviceMetadata> element:
<serviceMetadata httpsGetEnabled="true" />
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
to <binding name="myServicesBinding"> element
- Change <endpoint address="mex"> element to
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
To allow AxCMS.net to render pages, your server root authority certificate has to be saved to AxCMS.net Root Authority.crt file in AxCMSweb root folder:
- Run certmgr.msc
- Go to Trusted Root Certification Authorities and find authority that matches authority of your server certificate
- Export it in DER encoded binary X.509 format to AxCMS.net Root Authority.crt file in AxCMSweb root folder.