IIS does support both protocols (bindings) web site (look into IIS manager):
The bindings list informs about all the configured bindings for the website:
If you have a SSL certificate installed, you can create the https binding for the site directly: press “Add…” and set the parameters, finally select the certificate.
In most cases you do not have any SSL certificates for your development or test/staging environment and are looking for an easy alternative. Or you are going to create a https bindings for the local IIS7 website to be develop/test/debug your Web Application using Visual Studio – the URL used this way starts usually with http://localhost and conflicts with installed SSL certificate if any (the error message says, the certificate was issued for <machine name>, but URL uses localhost as machine name – certificate’s CN mismatch).
SSLDiag is you friend here
This free-of-charge IIS tool can be found on Microsoft downloads Website. It creates SSL certificate and “signs” the website for https binding.
Before you start, be sure to download the correct version: there are x86, x64 and ia64 versions of SSLDiag. None of them can replace another one – refer to your machine architecture and current OS version running.
Then download and setup the SSLDiag – freely using default settings.
After SSLDiag is installed, launch it as administrator (it is essential! otherwise SSLDiag cannot read the contents of IIS metabase) and inspect currently configured Websites:
The IDs in square brackets are IDs of configured Websites: you will need them to point SSLDiag to a Website you plan to instrument with https binding.
Assume, we like to add a https binding to Default Web Site (having mostly ID W2SVC/1)
- Open console window as Administrator and navigate to SSLDiag folder (usually %Program Files(x86)%/IIS Resources/SSLDiag):
- Launch following command:
>ssldiag /s:W3SVC/1 /selfssl /n:CN=localhost /v:500
where
/s:W3SVC/1 – ID of the Website to get https binding
/selfssl – the certificate to be created must be self-signed
/n:CN=localhost – the certificate must be issued for “localhost” machine; it is essential to develop/test/debug local Web Applications with Visual Studio
/v:500 – the certfiicate must be valid 500 days (or whatever time interval specified here in days) - Start SSLDiag UI and inspect the changes made:
- You may get following warning: #WARNING: SSL port (SecureBindings property) is not set
In this case got to IIS Manager and set the binding, selecting “localhost” certificate:
Ensure the selected certificate was issued for desired machine name (localhost) and is valid specified above number of days (press View to inspect certificate):
After you added https binding to your Website, you will see it in the bindings list:
…and IIS Manager will offer Browsing over the SSL Port (default 443) additionally to the usual http port 80:
So you finished: the website can now be accessed using http and https protocols:
Click on the lock symbol in address line (IE9 and some older versions) - and you get additional information about used SSL certificate:
and view certificate details:
Enjoy!
No comments:
Post a Comment