How to configure auto-SSL redirect on IIS v6.0

   Posted by: Dante   in General

Since our webserver resides on IIS here at our company (SBS 2003), I had to secure one of the websites and make sure that whomever tried to access it via HTTP was automatically and transparently transferred over to HTTPS. There’s no “1-click” way to do it in IIS, it must be done in one of 2 ways:

1) Edit the HTML files to do a redirect

2) Use a redirection website

Since there was a bunch of PHP/HTML/other files in that particular website, it seemed much simpler to just go with the second option. Here’s a rundown of the steps to do it:

  1. Open IIS Manager and select properties for the website for which you want to require SSL. For HTTP port, use anything other than 80, like 8989. For SSL port, use the default 443.
  2. Now go to the “Directory Security” tab, click Secure Communications, click Edit, check the “Require secure channel (SSL)” box and check the “Require 128-bit encryption” box too. Restart IIS. If you try to browse http://yourserver.com:8888 you should receive a “The page must be viewed over a secure channel” message. If not, something is not working properly.
  3. Now, create a new website in IIS, then name it something like “SSL redir for yourserver.com”. Choose port 80 as the HTTP port. For path, point it to anywhere in your server, like C:inetpubwwwroot (this doesn’t matter, we’re gonna change it). Give it read permissions. Now go to the properties of the newly created website, and select the “Home Directory” tab. Change “The content for this resource should come from:” to “A redirection to a URL”. In the “Redirect to:” textbox, enter https://yourserver.com. You can also optionally select “A permanent redirection for this resource”, which will cause bookmarks to update to the new URL. DO NOT select “The exact URL entered above” or “A directory below URL entered”. Restart IIS. Now try to browse to http://yourserver.com and it should redirect to https://yourserver.com automatically.

Little note: the redirect URL is sent back to the client, so if you type https://localhost as the redirect, the client browser will try to redirect to localhost on the client machine, which won’t exist. Same thing exists for NetBIOS names.

(Original source by James Kovacs, www.jameskovacs.com)

Tags: , , , , ,

This entry was posted on Monday, January 26th, 2009 at 1:52 pm and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One comment


Here is a similar tutorial I have written with additional examples specific to Exchange and Query String redirection:


November 11th, 2009 at 10:14 pm

One Trackback/Ping

  1. How to configure auto-SSL redirect on IIS v6.0 | PHP-Blog.com    Jan 26 2009 / 7pm:

    […] How to configure auto-SSL redirect on IIS v6.0 Related ArticlesBookmarksTags How to Use the PHP Include Statement Saving time on a web […]

Leave a reply

Name (*)
Mail (will not be published) (*)