I have installed a Certificate and it seems correct but I am not doing
something correctly. IIS5, Server 2000. I used FrontPage to create a sub
site 'test2" and checked the "require secure connection" option. FrontPage
see the site as https//www.blah.blah/test2

When I brows to it https//www.blah.blah/test2 and http//www.blah.blah/test2
both work. So is there something I should be doing in IIS to restrict access
to https only?

Thanks

John

[ Post a follow-up to this message ]

Sometime you need to clear your browser cache. See if that works

"John Brennan" wrote:

> I have installed a Certificate and it seems correct but I am not doing
> something correctly. IIS5, Server 2000. I used FrontPage to create a sub
> site 'test2" and checked the "require secure connection" option. FrontPage
> see the site as https//www.blah.blah/test2
>
> When I brows to it https//www.blah.blah/test2 and http//www.blah.blah/test
2
> both work. So is there something I should be doing in IIS to restrict acce
ss
> to https only?
>
> Thanks
>
> John
>
>
>

[ Post a follow-up to this message ]

There are two areas that control SSL in a FP web site.

The FrontPage server extensions administration tool (a blue and white web
site) where you can check "require ssl".  That one dictates that you edit
with FrontPage in SSL. (it's supposed to anyway, I don't use it)

There is also a setting in IIS concerning forcing all connections to use
HTTPS.  Checking that on a folder will cause a 503 error page to appear
instead of the actual page if the user attempts to use HTTP rather than
HTTPS.

You are getting these two.  You are BROWSING which is the second option
above.  FrontPage (I expect) will not let you log in unless you use HTTPS
mode in the "Open Web" option. (The first option has _nothing_ to do with
how browsing occurs.)

So... the question is what are you trying to accomplish?

Users view the site in HTTPS?

Or editing in HTTPS so non-NTLM passwords are safe from a network full of
bored college students with packet sniffers?

Those are separate problems that need to be treated separately for
solutions.

"John Brennan" <brennan@ohiou.edu> wrote in message
news:eaikkGLhGHA.1324@TK2MSFTNGP04.phx.gbl...
>I have installed a Certificate and it seems correct but I am not doing
>something correctly. IIS5, Server 2000. I used FrontPage to create a sub
>site 'test2" and checked the "require secure connection" option. FrontPage
>see the site as https//www.blah.blah/test2
>
> When I brows to it https//www.blah.blah/test2 and
> http//www.blah.blah/test2 both work. So is there something I should be
> doing in IIS to restrict access to https only?
>
> Thanks
>
> John
>
>

[ Post a follow-up to this message ]

My goal was to users view the pages in https.

Thanks
John
"Funkadyleik Spynwhanker" <youreallywantoemailmepunk?@winblows.gov> wrote in
message news:447db0c0$1_2@newspeer2.tds.net...
> There are two areas that control SSL in a FP web site.
>
> The FrontPage server extensions administration tool (a blue and white web
> site) where you can check "require ssl".  That one dictates that you edit
> with FrontPage in SSL. (it's supposed to anyway, I don't use it)
>
> There is also a setting in IIS concerning forcing all connections to use
> HTTPS.  Checking that on a folder will cause a 503 error page to appear
> instead of the actual page if the user attempts to use HTTP rather than
> HTTPS.
>
> You are getting these two.  You are BROWSING which is the second option
> above.  FrontPage (I expect) will not let you log in unless you use HTTPS
> mode in the "Open Web" option. (The first option has _nothing_ to do with
> how browsing occurs.)
>
> So... the question is what are you trying to accomplish?
>
> Users view the site in HTTPS?
>
> Or editing in HTTPS so non-NTLM passwords are safe from a network full of
> bored college students with packet sniffers?
>
> Those are separate problems that need to be treated separately for
> solutions.
>
> "John Brennan" <brennan@ohiou.edu> wrote in message
> news:eaikkGLhGHA.1324@TK2MSFTNGP04.phx.gbl... 
>
>

[ Post a follow-up to this message ]

You need to check the box in IIS then.

Though, that's a really bad way to do it.

You are much better off getting and using a very common ASP redirect script
that redirects any user opening a page in HTTP to HTTPS.

It's in a KB article somewhere concerning forcing SSL in Exchange server,
but works on any site with IIS. (Or, probably Google groups has an archive
of similar discussions that have it.)

"John Brennan" <brennan@ohiou.edu> wrote in message
news:O6ARiqMhGHA.4404@TK2MSFTNGP05.phx.gbl...
> My goal was to users view the pages in https.
>
> Thanks
> John
> "Funkadyleik Spynwhanker" <youreallywantoemailmepunk?@winblows.gov> wrote
> in message news:447db0c0$1_2@newspeer2.tds.net... 
>
>

[ Post a follow-up to this message ]

Thanks
"Funkadyleik Spynwhanker" <youreallywantoemailmepunk?@winblows.gov> wrote in
message news:447de564$1_3@newspeer2.tds.net...
> You need to check the box in IIS then.
>
> Though, that's a really bad way to do it.
>
> You are much better off getting and using a very common ASP redirect
> script that redirects any user opening a page in HTTP to HTTPS.
>
> It's in a KB article somewhere concerning forcing SSL in Exchange server,
> but works on any site with IIS. (Or, probably Google groups has an archive
> of similar discussions that have it.)
>
> "John Brennan" <brennan@ohiou.edu> wrote in message
> news:O6ARiqMhGHA.4404@TK2MSFTNGP05.phx.gbl... 
>
>

[ Post a follow-up to this message ]