Adding SSL to IIS Application

Hello All,

I have an Website with many sub applications... 1 of which is now grabbing bank info and passing it to the banks for payment options/etc... My website on all other apps I dont feel need the https... How do i go about installing it on just the application? This app is in .net so we do require a login on this application so i figure I would SSL it from that point. Anyone have any step by steps on how to do this without interupting anything else on my IIS server? IIS 7 on Win 2008 r2.
gsswho6Asked:
Who is Participating?
 
David FavorConnect With a Mentor Linux/LXD/WordPress/Hosting SavantCommented:
Only if you've enabled HSTS, something like this in your config file....

# Enable HTTP Strict Transport Security with a 2 year duration
Header always set Strict-Transport-Security "max-age=63072000; preload"

Open in new window


To better answer your question, describe what you mean by apps, as this has no meaning as a generic term.

If all these apps are running HTTP (which seems to be what your last update suggests), then if they use the same host name, then you'll have to split them onto separate IPs... if you're using HSTS.

To better answer your question, provide real URLs to each of your apps + likely someone can answer you.

And simple approach is wrap everything in SSL. There's no downside anymore, as SSL normally runs as fast + sometimes faster than non-SSL now. Especially as TLS handling has moved out of user space to Kernel space with Kernel-4.13 which just released + HTTP2 pipelining/multiplexing.
1
 
Hemil AquinoNetwork EngineerCommented:
If you are hosting your website you can create a CTR file with the required information via IIS.
Now, keep in mind that the certificate it's to secure end to end connectivity and nothing else. so if you are having a website application, the certificate will make sure that anything the client type it's encrypted. It doesnt matter whether you have a login form or not. it's just a secure socket.

I have found a good link that will help you to configure and understand how to install a certificate.
https://www.sslshopper.com/article-installing-an-ssl-certificate-in-windows-server-2008-iis-7.0.html
0
 
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
If I understand your question, a few thoughts.

1) Because of the way HTTP2 is tool, using HTTP2 + new SSL optimizations tend to dramatically speed up HTTP based transactions.

If the apps you mention are all HTTP, then you can only gain by wrapping them in HTTP2 + SSL.

2) SSL is on a per IP basis, so if your apps are HTTP, then the only way to run them as non-SSL is to attach them to a different port.

If your using the HSTS header, as you should be, then you'll likely have to place all your non-ssl apps on another IP.

Your question will require much more detail, about your entire app ecosystem - all apps running + IPs + ports + whether your using HTTP for for all apps + if your running HTTP1.1 or HTTP2.

With this additional information, likely people can assist you.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
gsswho6Author Commented:
Everything is http on 1 IP no different ports... Main website with multiple application below it. What you are saying is that since SSL is bound to 1 IP that everything on that 1 IP is affected?
0
 
gsswho6Author Commented:
Bump
0
 
gsswho6Author Commented:
Appreciate that... I am thinking now it would just be best to SSL the entire site...  Is the best step by step the one Hemil linked? I was just worried that applying SSL to the entire site would have an affect on all my other applications/etc, which shouldnt correct?
0
 
gsswho6Author Commented:
I pretty much have everything in order...  SSL certificates are both downloaded to my local server. I believe now i just need to install them/complete the certificate request and then do the https binding.... Anything I should look for when doing this? Shall i expect any of my sub application to potentially have problems?
0
 
gsswho6Author Commented:
Got everything working great however i have 1 issue and its probably something simple I am missing.

In the bindings i have https and use hostname https://www.xxx.com and it works great  however just https://xxx.com doesn resolved... So just like i did with http in creating a binding for both www/no www I figured it would be the same with https... However when i create a 2nd binding with https and create the xxx.com with no www it throws and error and doesnt work. Something I am missing?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.