We have not purchased an SSL certificate, so the user of our website has to click to "approve" the website every time they use it. Is there a quick way to redirect all https:// traffic to http:// for now in IIS 7, so that all content is served under http://?
By the way I DO NOT have "Require SSL" ticked under SSL settings.
Also, if I purchase an SSL certificate, how would I point it so that IIS 7 on my server can use it and allow the user entry without warning them every time?
Thanks!
Upvotes: 0
Views: 6445
Reputation: 536765
> Is there a quick way to redirect all https:// traffic to http:// for now
Not really. The redirect can be done, of course, but the redirect response itself must be signed with a trusted certificate or the user will get the same warning as before.
This makes sense: otherwise, a man-in-the-middle attacker could simply respond to a user's HTTPS request with a redirect to HTTP (or a different HTTPS site) and take over the browsing session, defeating the purpose of SSL.
If you get your certificate signed by a trusted CA you can just import it in the same way as the current self-signed cert. Some CAs may require extra cert chains but that's CA-specific: you'll find the relevant details for setting up web servers including IIS7 with those certs on all good CA sites.
Upvotes: 3
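One way to do the import described in the answer above while checking, before the binding is swapped, that the new certificate will not trigger the same browser warning (an added PowerShell example, not part of the original answer). The PFX path, the host name and the `0.0.0.0:443` binding are assumptions, the SAN parsing assumes an English-language Windows, and the script must run from an elevated prompt.

```powershell
param(
    [string]$PfxPath  = 'C:\certs\site.pfx',   # hypothetical: CA-issued cert exported with its private key
    [string]$HostName = 'www.example.com'      # hypothetical: the name users type into the browser
)
$ErrorActionPreference = 'Stop'

# Load the PFX so the private key is stored machine-wide and persists after this session.
$password = Read-Host 'PFX password' -AsSecureString
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet,PersistKeySet'
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
             -ArgumentList $PfxPath, $password, $flags
if (-not $cert.HasPrivateKey) { throw 'PFX contains no private key; IIS cannot use it for HTTPS.' }

# Check 1: the chain must build to a root this machine trusts. A self-signed cert,
# an expired cert, or a missing CA intermediate ("extra cert chains") fails here.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($cert)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation.Trim() }
    throw 'Chain does not validate; install the intermediates your CA documents, then retry.'
}

# Check 2: the host name must be in the certificate, otherwise browsers still warn.
# Names come from the subject plus the Subject Alternative Name extension (OID 2.5.29.17).
$names = @($cert.GetNameInfo('SimpleName', $false))
$san   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) {
    $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
              ForEach-Object { $_.Groups[1].Value }
}
# -like treats '*' as "any characters", which is looser than TLS wildcard matching
# (one label only); good enough as a pre-flight check.
if (-not ($names | Where-Object { $_ -and ($HostName -like $_) })) {
    throw "Certificate names ($($names -join ', ')) do not cover $HostName."
}

# Both checks passed: put the certificate in LocalMachine\My, where IIS looks for it.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadWrite'); $store.Add($cert); $store.Close()

# Replace the certificate bound to port 443 (assumes the site's existing HTTPS
# binding, currently using the self-signed cert, is on all addresses).
$appId = [guid]::NewGuid().ToString('B')   # any GUID; identifies who created the binding
netsh http delete sslcert ipport=0.0.0.0:443 | Out-Null
netsh http add sslcert ipport=0.0.0.0:443 "certhash=$($cert.Thumbprint)" "appid=$appId"
if ($LASTEXITCODE -ne 0) { throw 'netsh failed to bind the certificate to port 443.' }
Write-Output "Bound $($cert.Thumbprint) for $HostName, valid until $($cert.NotAfter)."
```

The chain check uses the server's own trust store, so a pass there is a strong hint rather than proof for every client; loading the site in a browser that has never accepted the old self-signed certificate is the final confirmation.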