0

I would like my site to be on https://

I read up on stuff and followed instructions such as adding the following in settings.py: 

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = True

but it doesnt seem to work

when i put, https:// in front of my site address, i get an error:

SSL Not Enabled

This site is not enabled for SSL. Please follow this link to visit the site without SSL.
  1. how do i redirect all http requests to https://
  2. with ssl, do i need to buy ssl certificate from commerical? If so, what do i do with those keys to have my django site use it?
ealeon
  • 12,074
  • 24
  • 92
  • 173
  • typically this is handled from your web server, Apache or Nginx, you can't have this working (to my knowledge) on the `runserver` command line. You can use self signed certificates, but users will get a warning each time they visit. so a commercial one is best. again, that is installed on the web server, not django. – warath-coder Feb 28 '16 at 21:40

1 Answers1

0

If you are using Apache or Nginx you will have to look at the documentation.

For testing and development you can install django-sslserver quite easily See: http://www.marinamele.com/2014/09/security-on-django-app-https-everywhere.html

And create a self signed certificate if you need one, it is only good for testing though see How to create a self-signed certificate with openssl? or get a free one from https://letsencrypt.org/ which may suit you needs for production.

Community
  • 1
  • 1
Dan-Dev
  • 8,957
  • 3
  • 38
  • 55