Solved

http website planning to have https

Posted on 2008-10-31
8
212 Views
Last Modified: 2012-08-13
Hi experts!
I have a server 2008 ent edition, users work through TS web access (it has some microsoft access database files) , and the website address starts like 'http://myservername.mydomainname.com'. Internally both http and https work as they have been configured in iis. Since it has database I would like to have some security.  Please guide how and where can I buy to be automatically changed from http to https.  I have about 50 users logging onto this site on different times.
Help plz
0
Comment
Question by:amanzoor
  • 4
  • 4
8 Comments
 
LVL 10

Expert Comment

by:ChopperCentury
ID: 22854010
Create a new file in the root of you web directory called sslredirect.htm
Edit the file and paste in the following, then save:
<html>

<script language="JavaScript">
<!-- begin hide

function goElseWhere()
{
var oldURL = window.location.hostname + window.location.pathname + window.location.search;
var newURL = "https://" + oldURL;
window.location = newURL;
}
goElseWhere();

// end hide -->
</script>

</html>

Next go to the Properties of your website in IIS, under Custom Errors tab. Edit 403;3 and set the file destination to that of the new file you just created.
Finally, under Directory Security, Secure Communication, edit the option to Require SSL.

THIS PROCESS IS TESTED FROM WINDOWS 2003! Should still work with 2008, IIS just may be arranged a little differently.

0
 
LVL 10

Expert Comment

by:ChopperCentury
ID: 22854022
Woops (sorry typo)...edit 403;4
0
 
LVL 4

Author Comment

by:amanzoor
ID: 22855498
ChopperCentury:
Thanks for the reply.  Tell me please:
I have not asked my ISP to mapp https instead of http, Do I have not to buy any https certificates for this? and also how would the DNS resolve to https if I simply make a change in my IIS? i.e a person logging in to my existing URL 'http://servername.mydomainname.com' would first come to my server gets changed to https and goes back?.  Sorry I just want to clarify myself I am weak in this area.
Help plz
0
 
LVL 10

Expert Comment

by:ChopperCentury
ID: 22855926
If I misread the question please let me know....
Is IIS working internally now with http and https?
Is only internal use allowed?
If yes to both then what I gave you will do the trick.
You only need to worry with a cert if accepting external traffic. However, you can use Windows Server to create a self signing cert for free if you simply want to get rid of the security warning message. Here is a site to help you accomplish this in Server '08...
http://www.netometer.com/video/tutorials/server-2008-self-signed-certtificate/
As far as DNS, you are already good to go. http and https are ports 80 and 443 respectively, that can rid on the same IP address.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 4

Author Comment

by:amanzoor
ID: 22862174
ChopperCentury:
Thanks
Yes I want to accept the eternal traffic.  Yes the internal https is enabled in IIS.  Yes I want to generate a self signed certificate.  THe link you sent is an excellent source, too bad it worked only once.  How and where can I find this 'selfssl.exe' command on server 2008?
Basically now I have a rough image of what I need to do in order for my clients to visit through https.
Help
0
 
LVL 4

Author Comment

by:amanzoor
ID: 22864292
Is it possible to get the full command again for 'selfssl.exe' as shown in that slide show?  It will help me issue the certificate for the exact URL I want to?
Thanks
0
 
LVL 10

Accepted Solution

by:
ChopperCentury earned 500 total points
ID: 22864477
From a command prompt you can type:
selfssl /?
This will give you the command options. Also, selfssl.exe is a product from the IIS6 resource kit.
http://support.microsoft.com/kb/840671
The link I gave is the only I could find relating to a step-by-step guide thru IIS7. I have not personally used Windows 2008. The actual selfssl command will work the same as with IIS6. Following are the defualt options if you simply type selfssl and press enter and Y to confirm.
/N:CN=<YOUR COMPUTER NAME> (common name of the certificate)
/K:1024 (key length of the certificate)
/V:7 (validity of the certificate in days)
/S:1 (ID of the site to which the certificate needs to be installed)
/P:443 (SSL port)
Options that you might want to change from the default settings would be the validity days, site ID (if not installing to Default Website), and comman name (if different from the computer name).
0
 
LVL 4

Author Closing Comment

by:amanzoor
ID: 31512177
Thanks I really appreciate your upto the point advice, regards.
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now