[toc]
Telligent Community supports SSL to provide more security when browsing a site. There is a configurable setting in the communityserver.config file that controls the type of pages that require SSL.
CommunityServer.config SSL setting
Inside the root node of the communityserver.config file, there is a setting named SSL. Telligent Community supports three different options for SSL, which are listed below.
- Ignore - This is the default setting. Telligent Community ignores the SSL setting so that users can access the website regardless of whether or not they are communicating over SSL.
- Password - Telligent Community requires SSL communication for any page on the website that transmits a password. These pages include, but are not limited to, the login and create user pages.
- All - Telligent Community requires that all pages are transmitted over SSL. If a request comes over a non-SSL channel, it will be redirected to an SSL equivalent.
The core element in the communityserver.config file contains the SSL setting, as shown in the following example:
<Core
...
ssl="Ignore" />
Securing the Forms session cookie
In addition to requiring SSL for your pages, it is recommended to also require SSL transmission of the Forms session cookie. This is done by updating the web.config for your site so that the forms node inside the authentication section has requireSSL="true". Below is an example of an updated forms node:
<authentication mode="Forms">
<forms name=".Zimbra.Evolution" protection="All" timeout="10080" loginUrl="login.aspx" slidingExpiration="false" requireSSL="true" />
</authentication>