Index: kernel/component/src/java/org/sakaiproject/component/kernel/component/SpringCompMgr.java
===================================================================
--- kernel/component/src/java/org/sakaiproject/component/kernel/component/SpringCompMgr.java	(revision 710)
+++ kernel/component/src/java/org/sakaiproject/component/kernel/component/SpringCompMgr.java	(revision 711)
@@ -505,6 +505,20 @@
 		{
 			System.setProperty("sakai.content.upload.max", uploadMax);
 		}
+
+		if (props.getValue("force.url.secure") != null)
+		{
+			try
+			{
+				// make sure it is an int
+				int port = Integer.parseInt(props.getValue("force.url.secure"));
+				System.setProperty("sakai.force.url.secure", props.getValue("force.url.secure"));
+			}
+			catch (Throwable e)
+			{
+				M_log.warn("force.url.secure set to a non numeric value: " + props.getValue("force.url.secure"));
+			}
+		}
 	}
 
 	/**
Index: kernel/component/src/config/org/sakaiproject/config/sakai.properties
===================================================================
--- kernel/component/src/config/org/sakaiproject/config/sakai.properties	(revision 710)
+++ kernel/component/src/config/org/sakaiproject/config/sakai.properties	(revision 711)
@@ -238,3 +238,7 @@
 # some fill-ins for the css/vm ui (Worksite Setup, Digest Service, Email notification, Worksite Setup, Contact Support, Portal)
 ui.institution=Sakai Using Institution
 ui.service=Sakai Based Service
+
+# force all URLs out of Sakai back to Sakai to be secure, i.e. to use https, on this port.  Leave out to respond with the same transport as the request.
+#  Otherwise, the URLs will reflect the attributes of the request URL. (443 | 8443 | or any other port) [defaults to missing]
+#force.url.secure=443
Index: docs/sakai.properties
===================================================================
--- docs/sakai.properties	(revision 710)
+++ docs/sakai.properties	(revision 711)
@@ -98,3 +98,7 @@
 
 # to disable list of appreance/icon with "edit site information" for course sites. (set as true to display only default appearance)
 #disable.course.site.skin.select=true
+
+# force all URLs out of Sakai back to Sakai to be secure, i.e. to use https, on this port.  Leave out to respond with the same transport as the request.
+#  Otherwise, the URLs will reflect the attributes of the request URL. (443 | 8443 | or any other port) [defaults to missing]
+#force.url.secure=443
Index: util/web/src/java/org/sakaiproject/util/web/Web.java
===================================================================
--- util/web/src/java/org/sakaiproject/util/web/Web.java	(revision 710)
+++ util/web/src/java/org/sakaiproject/util/web/Web.java	(revision 711)
@@ -375,14 +375,35 @@
 	 */
 	public static String serverUrl(HttpServletRequest req)
 	{
+		String transport = null;
+		int port = 0;
+		boolean secure = false;
+
+		// if force.url.secure is set (to a https port number), use https and this port
+		String forceSecure = System.getProperty("sakai.force.url.secure");
+		if (forceSecure != null)
+		{
+			transport = "https";
+			port = Integer.parseInt(forceSecure);
+			secure = true;
+		}
+		
+		// otherwise use the request scheme and port
+		else
+		{
+			transport = req.getScheme();
+			port = req.getServerPort();
+			secure = req.isSecure();
+		}
+
 		StringBuffer url = new StringBuffer();
-		url.append(req.getScheme());
+		url.append(transport);
 		url.append("://");
 		url.append(req.getServerName());
-		if (((req.getServerPort() != 80) && (!req.isSecure())) || ((req.getServerPort() != 443) && (req.isSecure())))
+		if (((port != 80) && (!secure)) || ((port != 443) && secure))
 		{
 			url.append(":");
-			url.append(req.getServerPort());
+			url.append(port);
 		}
 
 		return url.toString();
Index: sakai/kernel/request/src/java/org/sakaiproject/util/RequestFilter.java
===================================================================
--- kernel/request/src/java/org/sakaiproject/util/RequestFilter.java	(revision 1102)
+++ kernel/request/src/java/org/sakaiproject/util/RequestFilter.java	(revision 1103)
@@ -981,21 +981,43 @@
 
 	/**
 	 * Compute the URL that would return to this server based on the current request.
+	 * Note: this method is a duplicate of one in the util/Web.java
 	 * 
 	 * @param req
 	 *        The request.
 	 * @return The URL back to this server based on the current request.
 	 */
-	protected String serverUrl(HttpServletRequest req)
+	public static String serverUrl(HttpServletRequest req)
 	{
+		String transport = null;
+		int port = 0;
+		boolean secure = false;
+
+		// if force.url.secure is set (to a https port number), use https and this port
+		String forceSecure = System.getProperty("sakai.force.url.secure");
+		if (forceSecure != null)
+		{
+			transport = "https";
+			port = Integer.parseInt(forceSecure);
+			secure = true;
+		}
+		
+		// otherwise use the request scheme and port
+		else
+		{
+			transport = req.getScheme();
+			port = req.getServerPort();
+			secure = req.isSecure();
+		}
+
 		StringBuffer url = new StringBuffer();
-		url.append(req.getScheme());
+		url.append(transport);
 		url.append("://");
 		url.append(req.getServerName());
-		if (((req.getServerPort() != 80) && (!req.isSecure())) || ((req.getServerPort() != 443) && (req.isSecure())))
+		if (((port != 80) && (!secure)) || ((port != 443) && secure))
 		{
 			url.append(":");
-			url.append(req.getServerPort());
+			url.append(port);
 		}
 
 		return url.toString();
Index: sakai/util/web/src/java/org/sakaiproject/util/web/Web.java
===================================================================
--- util/web/src/java/org/sakaiproject/util/web/Web.java	(revision 1102)
+++ util/web/src/java/org/sakaiproject/util/web/Web.java	(revision 1103)
@@ -368,6 +368,7 @@
 
 	/**
 	 * Compute the URL that would return to this server based on the current request.
+	 * Note: this method is duplicated in the kernel/request RequestFilter.java
 	 * 
 	 * @param req
 	 *        The request.