On a normal web server, communications between browser and server are not encrypted. If someone were able to intercept these communications, they would be able to see the information sent from server to browser and vice versa. SSL (Secure Sockets Layer) is a protocol that encrypts this communication, so that if someone were to intercept it, they would not be able to read it (unless they can break the encryption).
Many users of the RMS do not need the security that SSL provides, but if you do, and have set up your web server to use SSL, it is easy to run the RMS under SSL.
Follow the instructions provided by Microsoft to install and configure your Web Server and IIS to use SSL encryption.
Configuring Secure Sockets Layer (IIS 6.0)
To configure the RMS to use SSL, you need to update the RMS configuration files. To do:
Open the RMS configuration file web.config. If you installed the RMS in the default location, this file will be located in the following place:
C:\Program Files\Questionmark\RMS\Web
Locate the following entry:
<sslConfiguration enabled="false">
Change this to:
<sslConfiguration enabled="True">
If you only require SSL encryption during the login operation to protect user names and passwords you do not need to make any further changes, skip to step 6. If you require all pages within the application to be encrypted when transmitting to and from the web server locate the following entries:
<add path="SecuredPages/Home.aspx" security="InSecure" />
Change this to:
<add path="SecuredPages/Home.aspx" security="Secure" />
Save your changes and close the file.
You will need to restart the IIS service before any of the changes will take effect.