Adding SSL to IIS Application

Hello All,

I have a website with many sub applications... 1 of which is now grabbing bank info and passing it to the banks for payment options/etc... On all my website's other apps I don't feel I need https... How do I go about installing it on just the application? This app is in .NET, so we do require a login on this application, so I figure I would SSL it from that point. Anyone have any step by steps on how to do this without interrupting anything else on my IIS server? IIS 7 on Win 2008 R2.
gsswho6 Asked:

Hemil Aquino (Network Engineer) Commented:
If you are hosting your website you can create a CTR file with the required information via IIS.
Now, keep in mind that the certificate is there to secure end-to-end connectivity and nothing else. So if you have a website application, the certificate will make sure that anything the client types is encrypted. It doesn't matter whether you have a login form or not. It's just a secure socket.

I have found a good link that will help you to configure and understand how to install a certificate.
https://www.sslshopper.com/article-installing-an-ssl-certificate-in-windows-server-2008-iis-7.0.html
0
David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
If I understand your question, a few thoughts.

1) Because of the way HTTP2 is tool, using HTTP2 + new SSL optimizations tend to dramatically speed up HTTP based transactions.

If the apps you mention are all HTTP, then you can only gain by wrapping them in HTTP2 + SSL.

2) SSL is on a per IP basis, so if your apps are HTTP, then the only way to run them as non-SSL is to attach them to a different port.

If you're using the HSTS header, as you should be, then you'll likely have to place all your non-SSL apps on another IP.

Your question will require much more detail about your entire app ecosystem - all apps running + IPs + ports + whether you're using HTTP for all apps + if you're running HTTP1.1 or HTTP2.

With this additional information, likely people can assist you.
0
gsswho6 (Author) Commented:
Everything is http on 1 IP, no different ports... Main website with multiple applications below it. What you are saying is that since SSL is bound to 1 IP, everything on that 1 IP is affected?
0

gsswho6 (Author) Commented:
Bump
0
David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
Only if you've enabled HSTS, something like this in your config file....

# Enable HTTP Strict Transport Security with a 2 year duration
Header always set Strict-Transport-Security "max-age=63072000; preload"


To better answer your question, describe what you mean by apps, as this has no meaning as a generic term.

If all these apps are running HTTP (which seems to be what your last update suggests), then if they use the same host name, then you'll have to split them onto separate IPs... if you're using HSTS.

To better answer your question, provide real URLs to each of your apps + likely someone can answer you.

A simple approach is to wrap everything in SSL. There's no downside anymore, as SSL normally runs as fast + sometimes faster than non-SSL now. Especially as TLS handling has moved out of user space to Kernel space with Kernel-4.13 which just released + HTTP2 pipelining/multiplexing.
1
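An added example, not part of the original thread: how a client that follows RFC 6797 processes the Strict-Transport-Security header quoted above. The policy is stored per host name, so it covers every path and port on that host, and without includeSubDomains it does not extend to other host names. The function names and the example.com hosts are constructed for illustration.

```javascript
// Added example: RFC 6797 handling of a Strict-Transport-Security header.
// Host names used with these functions are constructed placeholders.

// Parse the header value into a policy, or return null if it is invalid.
function parseHsts(value) {
  const seen = new Map();
  for (const part of value.split(';')) {
    const token = part.trim();
    if (token === '') continue;                    // tolerate empty directives
    const eq = token.indexOf('=');
    const name = (eq === -1 ? token : token.slice(0, eq)).trim().toLowerCase();
    let val = eq === -1 ? null : token.slice(eq + 1).trim();
    if (val !== null && /^".*"$/.test(val)) val = val.slice(1, -1); // quoted-string
    if (seen.has(name)) return null;               // duplicate directive: invalid
    seen.set(name, val);
  }
  const maxAge = seen.get('max-age');
  if (maxAge == null || !/^\d+$/.test(maxAge)) return null; // max-age is required
  return {
    maxAge: Number(maxAge),
    includeSubDomains: seen.has('includesubdomains'),
    preload: seen.has('preload'),                  // read by preload lists, not by RFC 6797
  };
}

// Record the policy for a host, as a browser does after an HTTPS response.
function noteHsts(store, host, headerValue, nowSec) {
  const policy = parseHsts(headerValue);
  if (policy === null) return;                     // malformed headers are ignored
  if (policy.maxAge === 0) { store.delete(host.toLowerCase()); return; }
  store.set(host.toLowerCase(), {
    expires: nowSec + policy.maxAge,
    includeSubDomains: policy.includeSubDomains,
  });
}

// Decide whether an http:// URL is rewritten to https:// before any request is sent.
function wouldUpgrade(store, url, nowSec) {
  const u = new URL(url);
  if (u.protocol !== 'http:') return false;
  const labels = u.hostname.toLowerCase().split('.');
  for (let i = 0; i < labels.length; i++) {
    const entry = store.get(labels.slice(i).join('.'));
    if (!entry || entry.expires <= nowSec) continue;
    if (i === 0 || entry.includeSubDomains) return true; // exact host, or covered subdomain
  }
  return false;
}
```
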

gsswho6 (Author) Commented:
Appreciate that... I am thinking now it would just be best to SSL the entire site... Is the best step by step the one Hemil linked? I was just worried that applying SSL to the entire site would have an effect on all my other applications/etc, which it shouldn't, correct?
0
gsswho6 (Author) Commented:
I pretty much have everything in order... SSL certificates are both downloaded to my local server. I believe now I just need to install them/complete the certificate request and then do the https binding.... Anything I should look for when doing this? Shall I expect any of my sub applications to potentially have problems?
0
gsswho6 (Author) Commented:
Got everything working great, however I have 1 issue and it's probably something simple I am missing.

In the bindings I have https and use hostname https://www.xxx.com and it works great; however, just https://xxx.com doesn't resolve... So just like I did with http in creating a binding for both www/no www, I figured it would be the same with https... However, when I create a 2nd binding with https and create the xxx.com with no www, it throws an error and doesn't work. Something I am missing?
0