how to configure web from HTTP to HTTPS

[Guest]

I have developed web forms including login by using ASP.NET via HTTP.
Now I want to secure the connection from client to the server via HTTPS.
How can I configure the server or something else to make the change?

Thank you

David

 

[Mark Fitzpatrick]

David,
First, you'll need an SSL certificate installed in IIS. Once it's
installed and configured, you should be able to reach the site through
https.

Now, you don't really configure the page to be used with https. What
you'll need to do with a login form is, see if the protocol being used is
http or https. If it's https, simply do a quick redirect to the login page
again, but this time do it through https.

You can test if you're using https connection by checking the value
of the Response.ServerVariables["HTTP"] collection. If the value is ON it's
using https. If it's off it's just using HTTP. Do a quick test for this and
redirect and you should be all set.

If you want to ensure that the entire site is secured you could also
write an httpmodule that checks each request to ensure the protocol is https
and redirects as needed otherwise.

(full list of servervariables at:
http://msdn.microsoft.com/library/d...html/21b3be8f-d4ed-4059-8e21-6cba2c253006.asp)

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - FrontPage

 

[MSDN]

The following from http://support.microsoft.com/?kbid=324069

Configuring Your Web Server for SSL
To enable SSL in IIS, you must first obtain a certificate that is used to
encrypt and decrypt the information that is transferred over the network.
IIS includes its own certificate request tool that you can use to send a
certificate request to a certification authority. This tool simplifies the
process of obtaining a certificate. If you use Apache, you must obtain the
certificate manually.

In both IIS and Apache, you receive a certificate file from the
certification authority, which you must configure on the computer. Apache
reads the certificate from its source file by using the SSLCACertificateFile
directive. However, in IIS, you can configure and manage certificates by
using the Directory Security tab of the Web site or folder properties.

You can migrate certificates from Apache to IIS; however, Microsoft
recommends that you re-create or obtain a new certificate for IIS.



Configure Folder or Web Site to Use SSL/HTTPS
This procedure assumes that your site has already has a certificate assigned
to it. 1. Log on to the Web server computer as an administrator.
2. Click Start, point to Settings, and then click Control Panel.
3. Double-click Administrative Tools, and then double click Internet
Services Manager.
4. Select the Web site from the list of different served sites in the
left pane.
5. Right-click the Web site, folder, or file for which you want to
configure SSL communication, and then click Properties.
6. Click the Directory Security tab.
7. Click Edit.
8. Click Require secure-channel (SSL) if you want the Web site,
folder, or file to require SSL communications.
9. Click Require 128-bit encryption to configure 128-bit (instead of
40-bit) encryption support.
10. To allow users to connect without supplying their own certificate,
click Ignore client certificates.

Alternatively, to allow a user to supply their own certificate, use
Accept client certificates.
11. To configure client mapping, click Enable client certificate
mapping, and then click Edit to map client certificates to users.

If you configure this functionality, you can map client certificates
to individual users in Active Directory. You can use this functionality to
automatically identify a user according to the certificate they supplied
when they access the Web site. You can map users to certificates on a
one-to-one basis (one certificate identifies one user) or you can map many
certificates to one user (a list of certificates is matched against a
specific user according to specific rules. The first valid match becomes the
mapping).
12. Click OK.

 

[MSDN]

Under Secure Communication Click on Edit is you are using Win2k3
If Edit is Grayed out then Click on Server Certificate and install the
Certificate first.

ETc...

SA

 

[Guest]

Thank you for all of you.

I did go to the Internet Services Manager and did the following:
1. Click Directory Secure tab
2. Three three choices for me, but one is gray (disabled).
(1) Edit for Anonymous access and authentication control
(2) Edit for IP address and domain name ..
(3) Secure communications: disabled (gray)

In this case, it seems that I have enable Secure Communication first. How to
do it?

Thanks

David

 

[Guest]

Hi, Mark.

Where to get and how to instal SSL certificate in IIS?

David

David,
First, you'll need an SSL certificate installed in IIS. Once it's
installed and configured, you should be able to reach the site through
https.

Now, you don't really configure the page to be used with https. What
you'll need to do with a login form is, see if the protocol being used is
http or https. If it's https, simply do a quick redirect to the login page
again, but this time do it through https.

You can test if you're using https connection by checking the value
of the Response.ServerVariables["HTTP"] collection. If the value is ON it's
using https. If it's off it's just using HTTP. Do a quick test for this and
redirect and you should be all set.

If you want to ensure that the entire site is secured you could also
write an httpmodule that checks each request to ensure the protocol is https
and redirects as needed otherwise.

(full list of servervariables at:
http://msdn.microsoft.com/library/d...html/21b3be8f-d4ed-4059-8e21-6cba2c253006.asp)

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - FrontPage

I have developed web forms including login by using ASP.NET via HTTP.
Now I want to secure the connection from client to the server via HTTPS.
How can I configure the server or something else to make the change?

Thank you

David

 

[Guest]

I mean I need to enable Secure Communication first.

David

 

[MSDN]

Are you using XP?
Under secure communication do you see Server Certificate... Button
You need to go through the wizard and install a certificate.

SA

 

[Guest]

Thank you.

I use Win2k. Al three options for Secure Communication are gray out. So waht
can I do?

David

 

[Guest]

I use Windows Server 2000.
The server Certificate is grayed.

David

 

[MSDN]

If you are using the Default Web site.
David, make sure that you click on the properties of the Default Web Site,
not the virtual directories beneath it.

if that does not work out then may be you need to install something with IIS
that is missing
???
SA

 

[bruce barker \(sqlwork.com\)]

you need to buy a certificat and install it before ssl will work. you need
to buy from someone you users base has installed as a trusted site in their
browser. In ie under options->content->publishers->trusted root ... you will
see the list IE comes with (verisign is the big boy, but shop around). if
its an interal site you can run your own certificate server, but all your
users will have to install a verfication certificate from your server.

when you buy a certificate, its tied to the domain name of your web site and
can not be transfered. also your certificate will expire and needs to be
renewed (so check the renewal costs).

simple artical on installing:

http://www.4guysfromrolla.com/webtech/062299-1.shtml

-- bruce (sqlwork.com)

 

[Eliyahu Goldin]

David,

Go to the IIS management Console, open your application property, Directory
Security tab. If your have an SSL certificate installed, you will have the
Secure communications group panel enabled. That is the place.

Eliyahu

 

[Guest]

My computer is windows server 2000 as an internal network server. So you mean
that I need a SSL certificate server installed on the machine. Then I can
configure IIS directory Security..

David

 

[Guest]

I think that something is missing with IIS.

David