SSL protection for a Directory on the Web server

Let's say that my web site doesn't really require SSL support as a whole, but just the apps and data that run in just a single secure directory on my web server.  Is it possible to somehow setup the SSL to protect only that single directory's contents.  How would I set that up? How would I link to the apps and documents stored there? My web site calls the contents of the secure directory using relative links now.  Would I have to change that to some HTTPS address?

Appreciate any and all help.


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

What webserver are u using, IIS? Apache?

It's pretty easy to setup SSL on only a specific directory, but in IIS you have to define the certificate for the entire site. Then on the subdirectory only you check the box "require ssl".  Other directories do not have the "require ssl" option checked.
This option can be found by right clicking on the subdirectory you want choose properties, then choose directory security at the bottom is Certificates, click the edit button and check the box require SSL

Under Apache, just put the SSLEngine and Certificate directives inside the <Directory> attributes as needed.

Links to the secured directory need to be prefexed with https://yoursite/yourdirectory/yourfile, etc.

If you are serving these pages to users from behind a firewall, make sure they can access port 443 as this is the default port used for http(s) connections

Hope this helps


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
simply use https:// instead of http:// in all your references
the pages found in the SSL protected area should only use relative URLs (except those pointing outside that SSL area)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.