Tip/Trick: Enabling SSL on IIS 7.0 Using Self-Signed Certificates: ASP Alliance

Print Add To Favorites Email To Friend Rate This Article
Tip/Trick: Enabling SSL on IIS 7.0 Using Self-Signed Certificates

page 5 of 6

by Scott Guthrie
Feedback

Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 28612/ 50

Article Contents:

Step 4: Test out the Site

Add a "default.aspx" page to the site, and then try and hit it with the browser by typing https://localhost/default.aspx (note the usage of "https" instead of "http" to indicate that you want to connect over SSL).

If you are using IE7, you'll likely see this anti-phishing error message kick in

Figure 10

Don't panic if this happens - it is just IE being helpful by suggesting that a self-signed certificate on your local machine looks suspicious. Click the "Continue to this website" link to bypass this security warning and proceed to the site. You'll find that your default.aspx page is now running protected via SSL:

Figure 11

You are all done. :-)

Appendix: A Few Last SSL Notes

A few last SSL related notes:

The IIS 7.0 admin tool has an "SSL Settings" node that you can select for each site, directory or file that allows you to control whether that particular resource (and by default its children) requires an SSL request in order to execute. This is useful for pages like a login.aspx page, where you want to guarantee that users can only enter their credentials when they are posting via an encrypted channel. If you configure the login.aspx page to require SSL, IIS 7.0 will block browsers from accessing it unless they are doing so over SSL.

Within an ASP.NET page or handler, you can programmatically check whether the current request is using SSL by checking the Request.IsSecure property (it will return "true" if the incoming browser request is over SSL).

You can set the "requireSSL" attribute on the <forms> configuration section within web.config files to have ASP.NET's forms-authentication system ensure that forms-authentication cookies are only set and used on SSL enabled pages and URLs. This avoids the risk of a hacker trying to intercept the authentication cookie on a non-SSL secured page, and then trying to use a "replay attack" from a different machine to impersonate a user.

For more information on IIS 7.0, please read my earlier IIS 7.0 overview blog post. Also make sure to check out the www.iis.net website.

To read more of my "Tips and Tricks" blog posts, please visit my Tips and Tricks Summary Page.

Hope this helps,

Scott

« (Page 4)

View Entire Article

(Page 6) »

User Comments

Title: Ah solved it...
Name: Conrad
Date: 2011-04-26 7:55:38 AM
Comment:
RE: (Exception from HRESULT: 0x80070020)
If you get this... its Skype! Shut it down, restart the Site in IIS, then you can start Skype up again.

(Btw, in the Skype settings you can disable this rather rude hijack feature.)

Title: Hmmm... Nope
Name: Conrad
Date: 2011-04-26 7:34:13 AM
Comment:
After doing this, it stops the Site and on starting it says:
"The process cannot access the file because it is being usind by another process (Exception from HRESULT: 0x80070020)"

Title: could not connect to web server
Name: ssl test
Date: 2009-05-29 7:53:33 AM
Comment:
Hi

I followed the same steps mentioned by you to enable https....

but not working....message....could not connect to web server

Title: Set https for single page
Name: Varun Agarwal
Date: 2008-10-17 9:33:55 AM
Comment:
Hi Kati,

Yes, its possible to setup SSL on single page and not the entire web application.

Let me know your e-mail address, so that i can send you the steps.

Thanks
V

Title: How to use HTTPS and Host Headers at same time
Name: Varun Agarwal
Date: 2008-07-31 9:19:48 AM
Comment:
This is informative. However,more interesting question is: Is it possible to have SSL and host headers on same website in IIS 7.0.

Thanks
Varun

E-mail: agarwal.varun@hotmail.com

Title: set https for single page
Name: kati
Date: 2008-05-08 3:19:19 PM
Comment:
how to set https for a single webpage and not entire webapplication?

Product Spotlight