I am setting up SSL certificates on a development environment using IIS 6 on W2k3.
I have a directory called login with a single page login.asp which I would like only viewable over SSL.
So before installing or applying SSL permissions, the page is viewable through a browser. I can browse the page and it redirects etc. and all is good. However Basic Authentication is Base64 encoded so I want to secure the traffic from this page only.
I have created a dummy certificate in makecert, installed it and added it to IIS. IIS is happy that it is trusted. I have selected the directory of login and child files to "Require SSL channel". When I refresh my browser on login/login.asp I get a "404: Page Not Found" in IE 8. So 2 issues here
- The page is now unviewable when using HTTPS.
- They must manually type the HTTPS (minor inconvenience for now)
If I turn off "Require SSL Channel" from IIS, it works again.
What part of the process am I missing as I have followed several tutorials on installed SSL certificates, but still come across this barrier.
Now I have investigated this problem a lot more thoroughly, I thought I'd respond.
The problem is that the page now expects to only be requested as HTTPS. If you require to automatically switch to HTTPS when requesting HTTP, I did this by forcing any 401.3 errors (in the Custom Errors tab of the site) to a specific URL, which then changed the http:// to https:// for any incoming request.
Looking at articles on Google, you can either do it in a ASP/.NET etc or Javascript.
Also I found the
selfssl.exein the IIS 6.0 Resource Kit to be much more user friendly thanmakecert.exe. Very very simple to use.