Unwanted http redirection to https iis 7 - ssl

I don't know what happened but I think my IIS is broken.
When I was setting up my website to use https on port 443, I created a binding and a self-signed certificate. It was working fine, but after I reverted all the changes I made and removed the bindings, my site always redirects to https even though the https binding is disabled. How can I revert it back to its original state, where it works on an http binding only?
I already tried re-installing my IIS and all its features but nothing happens, it still routes to https:\localhost.
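A check for leftover HTTPS settings of the kind this question is about, as an added example that is not part of the original post: it flags URL Rewrite redirect rules and a Strict-Transport-Security custom header in a site's web.config when the site has no https binding. The two XML samples and the function name are constructed for illustration; browsers that received the HSTS header over HTTPS earlier keep upgrading requests until its max-age expires.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a site entry in applicationHost.config style, HTTP binding only.
SITE_XML = """<site name="Default Web Site" id="1">
  <bindings>
    <binding protocol="http" bindingInformation="*:80:" />
  </bindings>
</site>"""

# Constructed sample web.config that still carries HTTPS-era settings.
WEB_CONFIG = """<configuration>
  <system.webServer>
    <rewrite><rules>
      <rule name="ForceHttps" stopProcessing="true">
        <match url="(.*)" />
        <conditions><add input="{HTTPS}" pattern="off" /></conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
      </rule>
    </rules></rewrite>
    <httpProtocol><customHeaders>
      <add name="Strict-Transport-Security" value="max-age=31536000" />
    </customHeaders></httpProtocol>
  </system.webServer>
</configuration>"""


def https_leftovers(site_xml, web_config):
    """Return findings for HTTPS settings that remain without an https binding."""
    site = ET.fromstring(site_xml)
    protocols = {b.get("protocol", "").lower() for b in site.iter("binding")}
    if "https" in protocols:
        return []  # an https binding exists, so a redirect has somewhere to land
    cfg = ET.fromstring(web_config)
    findings = []
    for rule in cfg.iter("rule"):
        for action in rule.findall("action"):
            if (action.get("type", "").lower() == "redirect"
                    and action.get("url", "").lower().startswith("https://")):
                # URL Rewrite issues a 301 (Permanent) when redirectType is omitted
                findings.append(("rewrite-rule", rule.get("name"),
                                 action.get("redirectType", "Permanent")))
    for add in cfg.iter("add"):
        if add.get("name", "").lower() == "strict-transport-security":
            findings.append(("hsts-header", add.get("name"), add.get("value")))
    return findings


if __name__ == "__main__":
    for finding in https_leftovers(SITE_XML, WEB_CONFIG):
        print(finding)
```

A permanent (301) redirect is also cached by browsers, so a client that saw the rule once may keep going to https after the rule is removed until its cache is cleared.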

Related

Deploying .NET 5 to IIS Server with SSL disabled

I am currently working on a .NET 5 & SignalR application and in localhost everything seems to be working fine. When I try to deploy it to an IIS pre-production server which doesn't have an SSL certificate configured, pages other than Login are showing the message "This site can’t provide a secure connection". In the login page from the browser console I can see that most of my JavaScript and CSS files aren't loaded, with the error "Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR". Also from what I can see, after the user logs in, the request is redirected to HTTPS.
I have removed app.UseHttpsRedirection(); from the Startup and disabled SSL in the Debug properties of the application. That seems to be weird behavior because I used to deploy applications in .NET Core before and didn't have this kind of problem. Is there any way around this problem, except configuring an SSL certificate?
From the suggestions in server fault, configuring a self-signed certificate provided by IIS itself seems to be the problem solver. Still I don't get why the application was making that https redirection, but anyways in case someone else has this kind of issue.

Can IIS have https binding without certificate?

I tried to set up automatic Let's Encrypt certification for a domain using this library
It is easy to set up and I hosted it in IIS. After some errors I couldn't make it work.
Finally I tried running the app with Kestrel as the end server, without IIS, and I automatically got a certificate and everything worked fine.
But my requirement is IIS hosted application because I already have some applications hosted on IIS all of them behind port 80/applicationName/
First problem I came upon is and also my first question: How can I even get to application using https(to auto get certificate) when I can't add IIS binding without certificate?
I assumed I must UseHsts() and UseHttpsRedirection() so I added it to startup of my application.
After some time and a few different combinations of settings I got it to work partially.
My application got a certificate from Let's Encrypt and reported no errors, but when I access it in the browser on http I get redirected to https and there is nothing there. (Still no binding for https in IIS.)
My second question would be: How to properly configure https redirection from IIS to Kestrel in order to use my automatically acquired certificate?
Create a dummy certificate in IIS, assign it to your site, save.
Go into IIS again and delete that certificate; if you check your bindings you'll find it as https, but the certificate is empty.
Thanks

Application Request Routing IIS load balancing HTTPS setup causing 301 redirect

I have set up a load balancing server with Application Request Routing on IIS. It's working fine, but I am facing an issue with https requests: they are being redirected (301), and in a POST call it's losing the post data.
I have disabled SSL offloading but the https POST requests are still failing and taking me to the login page due to the post data not being forwarded to ARR or something.
Thanks
For now, I have added a * binding and that seems to be working; not sure why it doesn't work when I specify the domain name in the binding. But it's sorted my problem so good for now, though it would be better to know how it will work with the domain name in the binding.

Forcing HTTP on site that previously used HTTPS [duplicate]

I have an IIS 6.0 server and I'm no longer using an SSL certificate (Don't need it anymore because of some functional changes, don't have a valid one I can use). Is there a way for me to redirect users to the http site who already have the https one bookmarked?
I tried using a self signed certificate and rewriting the URL to the http version but browsers get a warning about the self signed certificate before I can redirect using web.config.
I also tried removing port 443 as an HTTPS binding and adding port 443 as an HTTP binding but it didn't work. When I tried to start the web site I got an error indicating the port was already in use.
No, you can't.
Redirections from HTTPS to HTTP happen after the initial HTTPS request has been made, and this request expects a valid certificate to be used.
If what you'd like to do was possible, downgrade MITM attacks would be far too easy to perform.
Perhaps turning off port 443 completely might make your users try plain HTTP too, although they really should consider this to be a potential attack if they don't know your site.
What you want is not possible because it first has to do the SSL connect (which causes the warning) before it gets the HTTP redirect. And this question is asked nearly daily, so you should have found enough answers to it.

What is SSL encrypting my web pages if IIS isn't?

I have a client who wants to set up SSL on a new directory on their website. They already have one directory using SSL. BUT, when I go into IIS, even the current encrypted directory isn't set up to require SSL. And, when I set either the new or old directory to require SSL, it returns an error page stating that I need to call the page over https (which I did), no matter what.
We are not running in a farm. This is a single web server with no load balancing or proxy that I know of. 443 is not blocked. The log file shows a request for the page over 443, but redirects to http. What could be handling the encryption?
ASP.NET 2.0 APP running on IIS 6.0.
Any help is appreciated.
Thx,
T
Your comment "The log files shows a request for the page over 443, but redirects to http" implies your pages are being sent over port 80. If this is the case, what makes you think your pages are being encrypted?
Another thought - are you running any ISAPI extensions such as Helicon?