How do I force all Zope/Plone logins to be Secure Sockets Layer (SSL)?
To force all web accesses for a web domain to be by SSL, you need to configure IIS to require SSL login. Open IIS, right-click Default Web Site, select Directory Security, Secure Communications (edit). Choose the option “Require Secure Channel.” (This assumes that you have already created a new SSL Certificate for the server or imported an existing one; read your IIS documentation for how to do that).