Posted By Stephen O'Brien on 25 Feb 2022 09:20 AM

fair enough, but DNN does provide an option to force SSL, so surely they thought about this need. Plus there's the fact that this has never happened with any previous implementation of web software I've used, DNN or otherwise.  I think there may be an issue in this current release.

This option was introduced to DNN a long long time ago - maybe because HSTS was not an option in IIS at this time, I don't know anymore. And remember the days when only login forms were HTTPS, and maybe contact forms etc., but not the whole site. This became "necessary" when Chrome and Firefox changed "secure" to "normal" and "normal" to "unsecure". So this otion is a compatipility option in my point of view.

As IIS is able to care about it, there is no more need that the web application is doing it. And therefore, I agree with Richard. Let IIS do the job, and don't care about the setting for each single page in DNN.

Happy DNNing!
Michael

Just for documentation, I faced to a weird problem this morning: I set a SSL certificate on a DNN website and I enabled the SSL mode. I'm using DNN 9.10.2.
When I tried to access to the homepage with my browser using the portal alias in http, it showned the homepage in http. I also can access it in https but I have to specify https in the browser.
I have noticed that the homepage url was different in the menu and it forced the https usage.
The portal homepage wasn't set in the portal settings. Setting it by selecting the homepage solved this.

Maybe it can help someone in the future.

One item I'd like to take a slightly different perspective on is whether you enable/enforce SSL from within DNN itself.  I personally ensure that both DNN and IIS are enforcing SSL.  This ensures that if one layer doesn't enforce it for some reason, the other will.  Also, when you take a backup and restore it for testing/development, it's running in SSL by default.  So, you can't forget to restore and test using SSL.  It's basically a failsafe/fallback setting for my processes.  

Now, that won't fix this issue.  

One thing that's difficult for all of this is how difficult it is to get a clean test for this kind of issue.  Web browsers and Windows both cache SSL settings in a way that's difficult to clear and test.  You can even run the command to clear the local DNS, and run in incognito and will still get a false positive/negative.  

When this happens to me, it's usually something very minor was missed, or there's a typo somewhere that's easy to overlook.  Oh, or...  There's a WAF (firewall) in place that also needs to be adjusted.  

• Double-check the existence and spelling of everything in the database connection strings
• Double-check the existence and spelling of the correct portal alias everywhere (web(dot)config, PortalAlias table, IIS, SSL bindings, etc.)
• Make sure you don't have an invalid XML in your web(dot)config.
• Make sure your web(dot)config doesn't have unsupported sections included (may require enabling IIS tracing)
• Re-apply permissions and make sure it's using the correct user account with the correct permissions level

If all of that looks okay, the next step I'd take is to enable debugging everywhere, and then run the tests again.  When you turn on all of the debugging features in DNN, it will report a bit more data about the friendly URLs.  To ensure that it's easy to turn on/off debugging without making a mistake, we built a Prompt command to do that for you.  

This video will show you more information about how to use the logs in DNN.  

(By the way, I was just geeking out about how many times I answer forum posts with links to resources we created in the past for someone just like you.)  🤓 

Hey Will, awesome respond man! I already book this in my favorites for troubleshooting on SSL scenarios. Thanks man

Thanks, Marco!  Also, something I make sure I do will sound super-simple... Elementary, even!  😉 

When troubleshooting this, I stop trusting my spelling too.  Copy and paste is your friend at this point.  Undoubtedly, there's a mispelling somewhere that is just too easy to miss.  ☹️