How to serve EPiServer CMS over HTTPS


What is the correct way to enforce EPiServer CMS to be served over HTTPS and redirect any HTTP requests to HTTPS in the latest version (9.7)?

I tried modifying uiUtil attribute in , but it didn't get me far. Also tried doing an IIS URL rewrite redirect, but it then broke down the edit mode:

Mar 10, 2016 12:25

You can find documentation about SSL at the bottom

and for redirect check out

                <clear />
                <rule name="Redirect to https" stopProcessing="true">
                    <match url="(.*)" />
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />

You can also do it for part of the site (not recommended though). Check out

Edited, Mar 10, 2016 13:03

Hello Daniel,

Thank you for your reply.

SSL information on the link you sent simply talks about how to create a self-signed certificate, so doesn't really relate to EPiServer or my question.

Redirect rule you have added seems even more generic than the one I had used. We only need to have EPiServer CMS served over HTTPS. Have you tested this rule on a project you worked on? Does it not break things for you in the edit mode?

Mar 11, 2016 9:31

Ah! You mean only having https on ui for edit and admin? In that case I misunderstood your question. Thought you wanted it on whole site which would be recommended.

If you do want https on only edit and admin mode remember that login page is normally under /util which would be most important to protect. Haven't tried that no. Wouldn't recommend it either :)

Mar 11, 2016 9:39
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.