IIS 7 on Windows server 2008 - problem with https forwarding to http

On a new IIS7 setup on windows server 2008, we moved over a web application (it happens to be cold fusion, but I think that is unrelated) from an older server.  We didn't have ssl setup initially on the new server, and everything was working fine with the app.

Now, we have a new ssl cert just installed.  I can pull up the plain default IIS homepage over https and it appears fine.  However whenever I try to go to the login page for my app, for some reason instead of staying on https, it bounces to http and removes the filename that I'd just typed in from the url path.  We do have require ssl marked in the IIS settings.  If I uncheck this, I can still go to the http version of the app login page, and it still works just fine.  But when I try the same path, but under https, it keeps removing the https part and the trailing filename.  When this happens, the only error I get back is a 403.14, which is access denied, since directory browsing is not allowed.  This makes sense because directory browsing is turned off (we don't want to alow it), and since it removed my specific filename from the url, it thinks it's trying to browse the directory instead.

To be clearer:

I type in:
https://servername/path/to/my/app/Login.cfm

and immediately, the url auto-changes to:
http://servername/path/to/my/app/
with this error:
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.

and if I turn off the ssl requirement, I can type in:
http://servername/path/to/my/app/Login.cfm (NOTE:  http and not https)
and the login page comes up just fine.

Any ideas on this?
LVL 9
sah18Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

setasoujiroCommented:
Did you modify the site's port binding to 443?
0
sah18Author Commented:
I didn't install the ssl cert, but I can check.

If I go to:
IIS Manager
Right-Click on  Default Web Site --> Edit Bindings
this is what I see: Default Web Site - Bindings
Does this look correct to you?
0
setasoujiroCommented:
ok, and this is for THAT site, not the default IIS site?
0
sah18Author Commented:
The only site I have defined is the default IIS site.
0
setasoujiroCommented:
Try removing the http binding and leave only https
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.