HOW TO CONFIGURE SSL IN IIS AND HOW TO USE HTTPS INSTEAD OF HTTP

Nowadays Web Server security is a big concern and most of the organizations are now using SSL port instead of default 80 port in Webserver.

Why SSL?

The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. This is important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with a SSL certificate. When a SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.

Buying SSL certificate

SSL certificate is not free and there are few renowned company deal with this issue. For example VeriSign, which is now a part of Symantec (http://www.symantec.com/ssl-certificates)

How to install Certificate in IIS 7.0

  • Click on the Start menu, go to Administrative Tools, and click on Internet Information Services (IIS) Manager.
  • Click on the name of the server in the Connections column on the left. Double-click on ServerCertificates
  • In the Action column on right click on Import
  • Browse the certificate that you have purchased earlier and enter the password which provide by the certificate authority
  • Click on OK
  • The certificate we will available as shown in the below picture

Bind the Certificate to a website

  • From the connection column expand the site folder and click on the website that you want to bind the certificate. Click on Bindings under Actions column
  • Click on Add, Change the type to https and select the SSL certificate that you have installed earlier. Click on OK
  • You can also view the certification and check the validity by clicking on view button on the Add Site Binding Dialog box

Force Website only to use SSL

You can force a website only to use SSL, so that if a user sends any request using http instead of https the server will not send any reply.

  • From your website click on SSL Settings. Check Require SSL checkbox and click on Apply

You may need to restart IIS after doing the above configuration

Thanks, If you like this tutorial please share this article to your friends in FBTwitter,

Add a Comment

Your email address will not be published. Required fields are marked *