Blog

Southern Fried DNN Blog

Southern Fried DNN User Group (Formerly Queen City DotNetNuke User Group QCDUG) blog covers DNN topics addressed by the usergroup at meetings, conventions and for the DNN community for North Carolina, South Carolina and the DNN community at large!
 

Setting Simple SSL with Cloudflare + DNN

There's not too much to this blog post... I had to setup SSL certificates for two or three sites recently and encountered some troubles when working with CloudFlare and I thought it might be helpful to write up what I learned and what worked...

These tips assume that:

  1. You're already familiar with how DNN handles and manages SSL settings
  2. Your'e already running CloudFlare for the domain's DNS and it's active

The Problem: Enforcing full-site SSL rules within DNN, and setting Admin > Site Settings SSL Enabled AND SSL Enforced will not work when used with CloudFlare unless you go by the correct settings.

Depending on the settings combined, you can encounter issues where you have a dead site with redirect loops, or errors, and it's partially based on the combination of CloudFlare settings and server settings within IIS.

If you go through the steps of turning on an SSL setting in CloudFlare and then in DNN setting a portal's SSL Settings to Enabled AND Enforced, then you can experience these redirect loops. To find out more about them from CloudFlare, the following support article was helpful

https://support.cloudflare.com/hc/en-us/articles/200170566-Why-isn-t-SSL-working-for-my-site-

These parts from the article sounded like the issue encountered:

  • If you do not have a SSL certificate on your origin server, or simply can't use port 443 for web traffic, then you will need to use the Flexible setting in your Cloudflare dashboard. Selecting either the Full or Strict setting without a SSL certificate at your server will result in a 525/526 error
  • Selecting Flexible when your origin has a redirect from http to https leads to a redirect loop. In this case, assuming there is an SSL certificate at the origin, you should use Full or Full(strict).

So, what's going on with these? Let's look more closely at CloudFlare's SSL settings

Within Cloudflare there are different settings for SSL action

  • Off
  • Flexible
  • Full
  • Full(strict)

You can learn more about them here (https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-)

The Solutions: These settings combine together with DNN's SSL settings for you to have three different use-case scenarios:

Option One - Optional SSL

IF you want to allow SSL within DNN but do not need to enforce (Enabled but not Enforced), then the Flexible setting will work correctly for you and will allow CloudFlare's intermediate SSL certificate to function.

Option Two - Full (strict) SSL with a Third-Party Issued Certificate

IF you create a proper standard SSL certificate from a Certificate Issuing Authority, then you will set it up in standard fashion within IIS and then in DNN turn on Enabled AND ENFORCED and wtihin Cloudflare set it to Full(strict)

Option Three - Quick Self-Signed Certificate YET Secure from CloudFlare

However, if you want to do a more quick/simple step, often for validation that is for Google SEO / marketing use rather than eCommerce/security, then you can do the following

  1. Create a Self-Signed Certificate within IIS following these simple steps (https://technet.microsoft.com/en-us/library/cc753127(v=ws.10).aspx)
  2. In the website bindings within IIS, be sure to set the port/ssl cert for at least the www version of the domain
  3. In DNN turn on SSL Enabled and Enforced
  4. In the database (or manually) set all Tabs for this portal to IsSecure = True
  5. In DNN clear cache / restart app pool
  6. In CloudFlare set the SSL settings to Full

At this point, once the site restarts, you will have enforced SSL state for all pages where you have set IsSecure and an SSL Certificate from CloudFlare will show to the browser.



moorecreative
moorecreative
moorecreative's Blog


blog comments powered by Disqus

Sponsor Logo Scroll

The Southern Fried DNN user group and our proud sponsors are here to help you!

Sign Up For Alerts

Keep up on our activities and meetings. Enter your e-mail and subscribe to our group announcements and alerts.



About The User Group

The Southern Fried DNN User Group meets the Third Thursday of Every Month to discuss DotNetNuke tips, topics and camaraderie. The group is for DNN developers, administrators and users, and for everyone interested in learning more!

Get in touch

Follow Us