Can IIS have https binding without certificate? - asp.net-core

I tried to setup automatic Let's Encrypt certification for a domain using this libray
It is easy to setup and I hosted it in IIS.After some errors couldn't make it work.
Finally I tried running app with Kestrel as end server, without IIS and i automatically got certificate and everything worked fine.
But my requirement is IIS hosted application because I already have some applications hosted on IIS all of them behind port 80/applicationName/
First problem I came upon is and also my first question: How can I even get to application using https(to auto get certificate) when I can't add IIS binding without certificate?
I assumed I must UseHsts() and UseHttpsRedirection() so I added it to startup of my application.
After some time and few different combinations of settings I got it work partially.
My application got certificate from LetsEncrypt and reported no errors, but when I access it in browser on http I get redirect to https and nothing there.(Still no binding for https in IIS).
My second question would be: How to properly configure https redirection from IIS to Kestrel in order to use my automatically acquired certificate?

create a dummy certificate in IIS, assign it to your site, save.
Go into IIS again and delete that certificate, if you check your bindings you'll find it as https, but certificate is empty.
Thanks

Related

Deploying .NET 5 to IIS Server with SSL disabled

I am currently working on an .NET 5 & SignalR application and in localhost everything seems to be working fine. When I try to deploy it to IIS pre-production Server which doesn't have a SSL certificate configured, pages other than Login are showing the message "This site can’t provide a secure connection". In the login page from the browser console I can see that most of me javascript and css files aren't loaded with the error "Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR". Also from what I can see after user logs in, the request is redirected to Https.
I have removed app.UseHttpsRedirection(); from the Startup and disabled SSL in the Debug properties of the application. That seems to be a wired behavior because I used to deploy applications in .NET CORE before and didn't have these kind of problems. is there any way around this problem, except configuring an SSL certificate?
From the suggestions in server fault, configuring a self-signed certificate provided by IIS itself seems to be the problem solver. Still I don't get why the application was making that https redirection, but anyways in case someone else has this kind of issue.

Add SSL Cert to Net Core application in Windows VPS

So,
I currently have a net core web api running in a windows VPS (amongst other things). When I make requests to this api, I would like to do so using https. It seems I need to have an SSL Cert on this VPS (which does not have a domain, just an IP).
The https API is on xxx.xxx.xxx.xxx:443
The net core application is published into a self-contained package and run as an .exe (i think using IIS express)
Ideally I would like to use a free SSL cert from something like zerossl.com or any viable alternative you may suggest
How can I go about making it so that if I access xxx.xxx.xxx.xxx:443/api/values, I get a secured icon in my browser?
Thanks
It seems I need to have an SSL Cert on this VPS (which does not have a domain, just an IP)
It is impossible to bind SSL Certificate to IP address.It must bind to domain.

How to make the azure web site as https enabled?

I would like to make my azure web site as https enabled one. As exactly like https://mysite.azurewebsites.net. Though I have uploaded my SSL certificate in certificate section in web site configuration tab its not redirecting automatically. Is there any other settings I have to enable?
Appreciate your help.
So to clarify the sequence of steps:
After you configure your custom domain properly, then h_ttp://customdomain.com will point to mysite.azurewebsites.net.
After you bind an SSL certificate to a custom domain in a web app, then h_ttps://customdomain.com will point to mysite.azurewebsites.net, using the bound SSL cert. If you still can't access h_ttps://customdomain.com, then you need to check whether you've configured your domain records properly at the domain registrar.
At this point, h_ttp://customdomain.com will continue to work. If you want to enforce HTTPS for your web app, see http://azure.microsoft.com/en-us/documentation/articles/web-sites-configure-ssl-certificate/#bkmk_enforce.

WCF : Could not establish trust relationship for the SSL/TLS secure channel with authority error

I have a client site that when a button is clicked it calls a wcf web service. The client site is http, while the url for the web service is https and requires a certificate. I have a valid signed private key certificate I am using.
Everything works fine on my localhost; however, after deploying to a windows 2003 server running iis 6, I get the below error when the web service is called:
Could not establish trust relationship for the SSL/TLS secure channel
with authority "host's url"
I added the cert to the store, using same web.config that works locally. I have validated that the web service call finds and sets the valid X509Certificate.
Not sure what I am missing, and I don't want to override the servicepiont manager to return true every time.
Any ideas or things I might looks into?
Found the problem.
The root certificate which the host of the web service uses was not trusted by my server. (not sure why it was on my local machine and not my server). I found this out by opening the host's url in a web browser from the server to view their wsdl and got the security warning.
Remedy: went to the issuer's site downloaded their root cert and added to my trusted root certifcation authorities.
Bam, it works now.
If it is a private cert it must be added to both the client and the server as no client can validate its root key.

What is SSL encrypting my web pages if IIS isn't?

I have a client who wants to set up SSL on a new directory on their website. They already have one directory using SSL. BUT, when I go into IIS, even the current encrypted directory isn't set up to require SSL. And, when I set either the new or old directory to require SSL it returns and error page stating that I need to call the page over https (which I did), no matter what.
We are not running in a farm. This is a single web server with no load balancing or proxy that I know of. 443 is not blocked. The log files shows a request for the page over 443, but redirects to http. What could be handling the encryption?
ASP.NET 2.0 APP running on IIS 6.0.
Any help is appreciated.
Thx,
T
Your comment "The log files shows a request for the page over 443, but redirects to http" implies yours pages are being sent over port 80. If this is the case what makes you think your pages are being encryted?
Another thought - are you running any ISAPI extensions such as Helicon?