|
Home > Archive > IIS Server Security > October 2004 > SSL Security
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Ishmealm 2004-10-15, 9:25 pm |
| Hi,
This is just a question and not a problem. I have a site
that has an SSL cert. Under this site I probably have 50-
60 virtual directories. At the site level I do not have
SSL enabled, I do this at a directory label. I noticed
the other day that even directories that I have not
enabled SSL on, I am able to reach them by putting
https:// and my browser shows them as secure. I am
certain that at the top level SSL is not enabled (it is
possible that in the past it was). Just to test I created
a new Virtual Directory and sure enough I can access it
securely. Is this some sort of default behavior for IIS
or is something incorrectly configured on my box?
Thanks!
| |
| Miha Pihler 2004-10-15, 9:25 pm |
| Hi,
Yes, this is by design. If you install certificate and set the SSL port
(this has to be done on "top level") then users can connect to the site
using SSL -- even if you don't force it (there is nothing stopping users
from connecting)...
Mike
"Ishmealm" <anonymous@discussions.microsoft.com> wrote in message
news:058601c4b142$7a771940$a401280a@phx.gbl...
> Hi,
> This is just a question and not a problem. I have a site
> that has an SSL cert. Under this site I probably have 50-
> 60 virtual directories. At the site level I do not have
> SSL enabled, I do this at a directory label. I noticed
> the other day that even directories that I have not
> enabled SSL on, I am able to reach them by putting
> https:// and my browser shows them as secure. I am
> certain that at the top level SSL is not enabled (it is
> possible that in the past it was). Just to test I created
> a new Virtual Directory and sure enough I can access it
> securely. Is this some sort of default behavior for IIS
> or is something incorrectly configured on my box?
> Thanks!
| |
| Ken Schaefer 2004-10-15, 9:25 pm |
| SSL is not configurable at a directory level. Server Certificates (what SSL
uses for identificatin of the server) are assigned to a server, not a
directory. This is the way that these certificates work (so, it's nothing to
do with IIS per se).
Now, you can require SSL on a directory by directory basis (this stops
clients connecting without using SSL), but you can't stop a client using SSL
on a directory where SSL is optional.
Cheers
Ken
"Ishmealm" <anonymous@discussions.microsoft.com> wrote in message
news:058601c4b142$7a771940$a401280a@phx.gbl...
> Hi,
> This is just a question and not a problem. I have a site
> that has an SSL cert. Under this site I probably have 50-
> 60 virtual directories. At the site level I do not have
> SSL enabled, I do this at a directory label. I noticed
> the other day that even directories that I have not
> enabled SSL on, I am able to reach them by putting
> https:// and my browser shows them as secure. I am
> certain that at the top level SSL is not enabled (it is
> possible that in the past it was). Just to test I created
> a new Virtual Directory and sure enough I can access it
> securely. Is this some sort of default behavior for IIS
> or is something incorrectly configured on my box?
> Thanks!
| |
| Ishmealm 2004-10-15, 9:25 pm |
| Thanks to both of you! That is exactly what I wanted to
know.
>-----Original Message-----
>SSL is not configurable at a directory level. Server
Certificates (what SSL
>uses for identificatin of the server) are assigned to a
server, not a
>directory. This is the way that these certificates work
(so, it's nothing to
>do with IIS per se).
>
>Now, you can require SSL on a directory by directory
basis (this stops
>clients connecting without using SSL), but you can't
stop a client using SSL
>on a directory where SSL is optional.
>
>Cheers
>Ken
>
>"Ishmealm" <anonymous@discussions.microsoft.com> wrote
in message
>news:058601c4b142$7a771940$a401280a@phx.gbl...
site[vbcol=seagreen]
50-[vbcol=seagreen]
created[vbcol=seagreen]
>
>
>.
>
|
|
|
|
|