Configuring the Content Manager Explorer Web site for HTTPS

Connecting to the Content Manager Explorer Web site using HTTPS requires changes in IIS and to various configuration files. When you configure HTTPS, do not remove existing HTTP configurations or bindings; at most, you can reduce them to a loopback-only configuration.

Procedure

  1. If you use IIS 7.5, do the following:
    1. Click the Server Manager icon in the task bar.
      Server Manager opens in a new window.
    2. In the tree on the left, navigate to Roles > Web Server (IIS) > Internet Information Services.
      In the content area, Internet Information Services 7 appears.
    3. In the IIS tree in the left part of the content area, open the node representing this computer, then navigate to Sites > SDL Tridion 2013 SP1.
      A set of icons and an action panel appear on the right hand side of the content area.
    4. In the action panel, in the Actions area, click Edit Bindings.
      The Site Bindings dialog opens.
    5. Select the existing binding for http and click Edit. In the IP address field, fill in Unassigned. Then click OK to close the dialog.
      The Site Bindings dialog reopens, showing the modified binding.
    6. Click Add and in the Add Site Binding dialog that opens, set Type to https and select a valid SSL certificate under SSL certificate. For IP address, select All Unassigned. Change the port as needed; IIS Manager preselects the default value of 443. Then click OK to add this binding.
      The Site Bindings dialog reappears, now showing a new binding.
    7. Close Server Manager.
  2. On the Content Manager server, navigate to %TRIDION_HOME%\web\WebUI\WebRoot\ and do the following:
    1. Open the web.config file in a plain-text or XML editor.
    2. Because IIS has been set up for multiple bindings (HTTP and HTTPS), configure the WCF for both protocols by uncommenting the <baseAddressPrefixFilters> element and adding an entry inside it, containing a protocol and hostname. For example:
      <baseAddressPrefixFilters>
      	<add prefix="http://hostname_in_use"/>
      	<add prefix="https://hostname_in_use"/>
      </baseAddressPrefixFilters>

      where hostname_in_use is the full host name (so not localhost).

    3. Find the <bindings> section containing the <webHttpBinding> section. (Leave the <webHttpBinding> section unchanged, even if you do not intend to use HTTP.) Find the binding element with its name attribute set to the value Tridion.Web.UI.ContentManager.WebServices.WebHttpsBindingConfig, with a comment above it. Change your comment delimiters so that the element is no longer commented out.
    4. Save and close web.config.
  3. Access the TRIDION_HOME\web\WebUI\Models\TCM54\ directory and do the following:
    1. Open the web.config file in a plain-text or XML editor.
    2. Uncomment all the endpoint elements in comments that start with the line <!-- For https, uncomment this.
    3. Save and close web.config.
  4. Access the TRIDION_HOME\web\WebUI\Models\TCM60\ directory and do the following:
    1. Open the web.config file in a plain-text or XML editor.
    2. Uncomment all the endpoint elements in comments that start with the line <!-- For https, uncomment this.
    3. Save and close web.config.
  5. Access the TRIDION_HOME\web\WebUI\Models\CME\ directory and do the following:
    1. Open the web.config file in a plain-text or XML editor.
    2. Uncomment the endpoint element that is commented out.
    3. Save and close web.config.
  6. Access the TRIDION_HOME\web\WebUI\core\ directory and do the following:
    1. Open the web.config file in a plain-text or XML editor.
    2. Uncomment the endpoint element that is commented out.
    3. Save and close web.config.
  7. If you have Audience Manager and Outbound E-mail installed, access the TRIDION_HOME\Outbound Email\Models directory and do the following:
    1. Open the web.config file in a plain-text or XML editor.
    2. Search for WebHttpBindingConfig element and replace with WebHttpsBindingConfig.
    3. Save and close web.config.
  8. If you intend to browse the Web site on the server itself, follow the instruction in Microsoft Knowledge Base Article 896861 to disable loop checking. Refer to http://support.microsoft.com/kb/896861 for details.
  9. Restart IIS to apply your changes.

Results

Your Content Manager Explorer Web site can now also be accessed through HTTPS.