Using HTTPS with IIS and ASP.NET

Question

I'm using ASP.NET, and IIS web server. I want to use HTTPS protocol on my web site. In my IIS web server, I binded my web site on port 443 using following procedure:

1. Open IIS

2. Chose site I want to configure (in my case "My Test site")

3. Click Bindings on right side of window

4. In new window I deleted http, and added https (IIS asks you a certificate file, which I previously created)

5. Click OK

6. Click browse on right side of IIS window

Am I using HTTPS now, and is all my data is encrypted?

Answer 1

It should be. However to ensure that the data is encrypted, you can do this further check.

Open the site in the browser and if you are using firefox, you should see a green colored label near the address bar, on internet explorer, you will see a lock sign - in short, there will be some sort of security information. Open it and check it. It will show the status of certificate and will also show you if the site is protected or not.

This is the final test at client side. If you have proper certificate installed which could be validated, it would say that the site is protected, otherwise it would say that the data is encrypted but the certificate is not valid - kind of security exception.