Wednesday, December 17, 2008

Removing Starter Site SSL Requirements

I have played a bit with the Starter Site and keep on forgetting how to disable the SSL requirements. As you all may know, SSL is required for the Checkout, Profile and User web services.

You can obviously follow the directions nicely and create phony certificates for the time being but sometimes there are other reasons, i.e.:

  • Using a hardware accelerator
  • Development environments
  • Demo environments

However, if you want to remove the SSL dependencies from the Starter Site as well as the Business Tools, see these instructions (lifted from the Starter Site documentation):

To disable IIS metabase secure channel access for the Starter Site
  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In Internet Information Services (IIS) Manager, expand Web Sites, expand Default Web Site, expand StarterSite, right-click the folder that you are modifying, for example, Checkout, and then click Properties.

  3. In the Checkout properties dialog box, click the Directory Security tab, and in the Secure Communications section, click Edit.

  4. In the Secure Communications dialog box, clear the Require secure channel (SSL) check box, and then click OK.

  5. Click OK to close the Checkout properties dialog box.

  6. Repeat steps 2 through 5 for each sub-directory that you are modifying, Profiles and User.

To change the Web.config secure URL assignments
  1. Click Start, click Run, type explorer, and then click OK.

  2. In Windows Explorer, move to the location where you unpacked the Starter Site application, for example, <drive:>\Inetpub\wwwroot\StarterSite.

  3. Open the Web.config file in a text editor.

  4. Locate the <commerceSite> section.

  5. Change the assignment of the requireSSL attribute. Set it to false:


  6. Add the assignment of the useSecureUrls attribute. Set it to false:


  7. Save the changes and close the file.

  8. Reset IIS.

Please keep in mind it is always recommended to use SSL for valuable data.

No comments: