Hi,
This is just a question and not a problem. I have a site
that has an SSL cert. Under this site I probably have 50-
60 virtual directories. At the site level I do not have
SSL enabled, I do this at a directory label. I noticed
the other day that even directories that I have not
enabled SSL on, I am able to reach them by putting
https:// and my browser shows them as secure. I am
certain that at the top level SSL is not enabled (it is
possible that in the past it was). Just to test I created
a new Virtual Directory and sure enough I can access it
securely. Is this some sort of default behavior for IIS
or is something incorrectly configured on my box?
Thanks!

[ Post a follow-up to this message ]

Hi,

Yes, this is by design. If you install certificate and set the SSL port
(this has to be done on "top level") then users can connect to the site
using SSL -- even if you don't force it (there is nothing stopping users
from connecting)...

Mike

"Ishmealm" <anonymous@discussions.microsoft.com> wrote in message
news:058601c4b142$7a771940$a401280a@phx.gbl...
> Hi,
> This is just a question and not a problem. I have a site
> that has an SSL cert. Under this site I probably have 50-
> 60 virtual directories. At the site level I do not have
> SSL enabled, I do this at a directory label. I noticed
> the other day that even directories that I have not
> enabled SSL on, I am able to reach them by putting
> https:// and my browser shows them as secure. I am
> certain that at the top level SSL is not enabled (it is
> possible that in the past it was). Just to test I created
> a new Virtual Directory and sure enough I can access it
> securely. Is this some sort of default behavior for IIS
> or is something incorrectly configured on my box?
> Thanks!

[ Post a follow-up to this message ]

SSL is not configurable at a directory level. Server Certificates (what SSL
uses for identificatin of the server) are assigned to a server, not a
directory. This is the way that these certificates work (so, it's nothing to
do with IIS per se).

Now, you can require SSL on a directory by directory basis (this stops
clients connecting without using SSL), but you can't stop a client using SSL
on a directory where SSL is optional.

Cheers
Ken

"Ishmealm" <anonymous@discussions.microsoft.com> wrote in message
news:058601c4b142$7a771940$a401280a@phx.gbl...
> Hi,
> This is just a question and not a problem. I have a site
> that has an SSL cert. Under this site I probably have 50-
> 60 virtual directories. At the site level I do not have
> SSL enabled, I do this at a directory label. I noticed
> the other day that even directories that I have not
> enabled SSL on, I am able to reach them by putting
> https:// and my browser shows them as secure. I am
> certain that at the top level SSL is not enabled (it is
> possible that in the past it was). Just to test I created
> a new Virtual Directory and sure enough I can access it
> securely. Is this some sort of default behavior for IIS
> or is something incorrectly configured on my box?
> Thanks!

[ Post a follow-up to this message ]

Thanks to both of you!  That is exactly what I wanted to
know.


>-----Original Message-----
>SSL is not configurable at a directory level. Server
Certificates (what SSL
>uses for identificatin of the server) are assigned to a
server, not a
>directory. This is the way that these certificates work
(so, it's nothing to
>do with IIS per se).
>
>Now, you can require SSL on a directory by directory
basis (this stops
>clients connecting without using SSL), but you can't
stop a client using SSL
>on a directory where SSL is optional.
>
>Cheers
>Ken
>
>"Ishmealm" <anonymous@discussions.microsoft.com> wrote
in message
>news:058601c4b142$7a771940$a401280a@phx.gbl... 
site[vbcol=seagreen] 
50-[vbcol=seagreen] 
created[vbcol=seagreen] 
>
>
>.
>

[ Post a follow-up to this message ]