On a new IIS7 setup on windows server 2008, we moved over a web application (it happens to be cold fusion, but I think that is unrelated) from an older server. We didn't have ssl setup initially on the new server, and everything was working fine with the app.
Now, we have a new ssl cert just installed. I can pull up the plain default IIS homepage over https and it appears fine. However whenever I try to go to the login page for my app, for some reason instead of staying on https, it bounces to http and removes the filename that I'd just typed in from the url path. We do have require ssl marked in the IIS settings. If I uncheck this, I can still go to the http version of the app login page, and it still works just fine. But when I try the same path, but under https, it keeps removing the https part and the trailing filename. When this happens, the only error I get back is a 403.14, which is access denied, since directory browsing is not allowed. This makes sense because directory browsing is turned off (we don't want to alow it), and since it removed my specific filename from the url, it thinks it's trying to browse the directory instead.
To be clearer:
I type in:
and immediately, the url auto-changes to:
with this error:
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
and if I turn off the ssl requirement, I can type in:
(NOTE: http and not https)
and the login page comes up just fine.
Any ideas on this?