Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2016-07-05 09:25:31.0

How do I force SSL in IIS 5 or IIS 6 on a directory and use a redirect?

Article Number: 42986

This article assumes you already have an SSL certificate installed on your IIS 5 or IIS 6 server.

In the below example, we will use OWA and force SSL on the /exchange directory.

You can only turn on SSL if you've installed a certificate. Once that's done, you can enable or require SSL for any or all of the directories served by IIS on that machine. 

1. Open the Computer Management snap-in on your Exchange server. Expand the Services and
    Applications node, then the Internet Information Services node.
2. Expand the Default Web Site node, then find the Exchange directory. Right-click it and
    choose the Properties command.
3. Click the Directory Security tab. In the Secure Communications control group, the View
    Certificate and Edit buttons should be active. If they're not, your certificate isn't
    installed properly—you'll have to fix it before proceeding.
4. Click the Edit button in the Secure Communications group. You'll see the Secure Communications dialog box.
5. Check the "Require secure channel (SSL)" checkbox. You can optionally check the "Require 128-bit encryption" box as well. Doing     so gives you better security, but some clients may not be able to connect.

Once you've made these changes, you should be able to open your mailbox by typing
https://yourServerName/exchange/yourMailbox. You should not be able to open it with an ordinary http URL.


Action Try opening your mailbox with and without SSL. Verify that you cannot open it without using https:// as the URL prefix.

Automatically Redirect Users to the SSL Site

Once you've configured IIS to require the use of SSL, you may also want to automatically redirect users to the secure directory; that way, users who can't remember to use https:// can still get their mail without bothering you. To do this, you'll need to create a file named ssl-redirect.asp in your sites' server's inetpub\wwwroot\siteasp directory. In that file, paste the following code:

<%
If Request.ServerVariables("SERVER_PORT")=80  Then
Dim strRedirURL
strRedirURL = "https://" & Request.ServerVariables("SERVER_NAME")
 strRedirURL = strRedirURL & "/yourfolder"
Response.Redirect strRedirURL
End If
%>

Next, follow these instructions to tell IIS to map error 403.4 to the ssl-redirect.asp file. Every time IIS encounters that particular error, it will execute the ASP code, which automatically redirects the user to the correct page.

Further reading

http://support.microsoft.com/default.aspx?scid=kb;en-us;302570&sd=tech
HOW TO: Configure Custom Error Messaging for Your Web Site in IIS
SUMMARY
This step-by-step guide describes how to configure Internet Information Services (IIS) to send custom error messages instead of the default Hypertext Transfer Protocol (HTTP) error messages.

TN5707

Affected Products:

  • Entrust Certificate Services 1 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 2 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable