Packetwatch.net

IIS and SSL in Windows



Last modified: Aug. 31, 2009

Contents
1 - Summary
2 - Install IIS
3 - Configure default website
4 - Import SSL certificate
5 - Configure website SSL redirection


1 - Summary

This guide will show how to import an SSL certificate to be used in IIS in
Windows. The site will now use SSL and will redirect HTTP requests to HTTPS
requests. The site won't allow HTTP requests after this. This has been tested
using an SSL certificate exported from Apache and imported into IIS 6.0 in
Windows 2003.


2 - Install IIS

Go to Add or Remove Programs and click on Add/Remove Windows Components. Click
the check next to Application Server and click Details. Click the check next to
Internet Information Services (IIS) and click Details. Click the check next to
World Wide Web Service and click Details. Click the check next to Active Server
Pages and World Wide Web Service.

World Wide Web Service options
Click OK a few times and click on Next. You will be prompted to insert the Windows 2003 CD. After the wizard completes the IIS service will be installed. 3 - Configure default website The DNS A records have already been set. Open Internet Information Services (IIS) Manager by typing the following in at the Run button on the Start Menu. %SystemRoot%\system32\inetsrv\iis.msc
Internet Information Services (IIS) Manager
Expand it to display the web sites by double-clicking on Web Sites. Right-click on Default Web Site and select Properties. On the Web Site tab change the Description to read server.test.com.
Web Site tab
On the Home Directory tab notice the Local path is c:\inetpub\wwwroot.
Home Directory tab
On the Documents tab remove all the default content pages and add index.html. Click Apply and then OK.
Documents tab
Create an index page named index.html in C:\inetpub\wwwroot. Right-click on the SERVER (local computer) and select All Tasks, Restart IIS and click OK.
Restart IIS
Open Firefox and navigate to http://server.test.com/ to make sure it works. 4 - Import SSL certificate Go back into Internet Information Services (IIS) Manager. Expand it to display the web sites by double-clicking on Web Sites. Right-click on server.test.com and select Properties. Go the Directory Security tab and click on Server Certificate.
Web Server Certificate Wizard
Click Next. Click Import a certificate from a .pfx file.
Server Certificate
Click Next. Browse for the path and file name of the .pfx file.
Import Certificate
Click Next. Type in the import certificate password.
Import Certificate Password
Click Next. Keep the SSL port as 443.
SSL Port
Click Next. A summary will be displayed of the imported certificate.
Imported Certificate Summary
Click Next. You've now imported the certificate.
Completed Certificate Wizard
Finally, click Finish. 5 - Configure website SSL redirection Create a file named sslredirect.asp in C:\inetpub\wwwroot. <% response.redirect("https://server.test.com/") %> Go back into Internet Information Services (IIS) Manager. Click on Web Service Extensions. Make sure Active Server Pages is Allowed.
Web Service Extensions
Right-click on the website and select Properties. Go to the Directory Security tab and click on Edit under Secure Communications. Check the box next to Require secure channel (SSL) and click OK.
Directory security for website
On the Custom Errors tab select HTTP Error 403;4 and click on Edit. Change the Message type to be URL and set the URL to be /sslredirect.asp and click OK. Click Apply and then OK again.
Custom Error Properties 403;4
In the Internet Information Services (IIS) Manager go the website and right-click on sslredirect.asp and select Properties. On the File Security tab click Edit under Secure communications. Uncheck the box next to Require secure channel (SSL) and click OK.
File security for SSL redirect
Click Apply and then OK again. Right-click on the SERVER (local computer) and select All Tasks, Restart IIS and click OK. Open Firefox and navigate to https://server.test.com/ to make sure it works. Next, navigate to http://server.test.com/ and it will redirect to the HTTPS version of this website.

Last modified: Thu Jan 1 00:00:00 1970 UTC
Packetwatch Research 2002-2024.