HTTPS is a secure communications channel used to exchange sensitive information such as User Credentials or Credit Card details between a client computer and server. It uses SSL which encrypts communication over the internet.
To setup a website for HTTPS, you need the following items:
- Web Server Certificate
- SSL Port
Import or Create Self-Signed Certificate
- Get a Web Server Certificate. You can generate your own Certificate in IIS or get one from a service such as Verisign.
- Open the Internet Information Services (IIS) Manager.
- Select the computer name under Connections.
- Double-click on Server Certificates.
- If you have a Certificate, click Import…
- If need to create a Certificate, click Create Self-Signed Certificate.
- Specify a friendly name for the certificate.
- Ensure that Web Hosting is selected for the certificate store.
- Click OK.
- The Certificate file will show in the Server Certificates table.
Configure the SSL Port for a Website
- Under Connections, select the website.
- Click Bindings.
- Click Add…
- In the Type field, select https.
- Default port is 443. You cannot click OK until you select the SSL certificate.
- In the SSL certificate drop-down, select the certificate.
- Click OK.
Note: Your website is now configured for SSL. It can be access by clicking Browse *:443 (https) under Browse Website.
Edit the Web.config File
- If you only use a non-secure connection (http://), add the comment command code <!– and –> at the beginning and end of the https services code.
- If you are using only secure (https://), add the comment command code <!– and –> at the beginning and end of the http services code.
- When using both non-secure and secure, the comment command code is not needed.
Note: The bindings in IIS and the Web.config file must match.