Using websites to pass data around the Internet is a staple of technology as we know it today. Installing even the simplest new tool or system will probably require you to download software or an update, or to register your information with a website. As an IT professional, I hope that you are familiar with HTTP versus HTTPS websites and the importance of distinguishing between the two. But now that we have a website running, how can we enable HTTPS on it so that we can protect this data that is traversing back and forth between our web server and the client computers?
It is typically the web developer's job to tell a website when to call for HTTPS, so you shouldn't have to worry too much about the actual content of the website. As the server administrator, however, you need to make sure that once HTTPS is called for on the website, your web server is capable of processing that traffic appropriately.
We are running a Server 2016 web server from which we will accomplish this task. There is a simple website currently running inside IIS on this server. Part of our recipe will be choosing an SSL certificate that we want to run on our website, so this recipe assumes that the certificate is already installed on your server. If you need assistance with the acquisition of the certificate itself, please refer to the "Using a Certificate Signing Request to acquire your SSL certificate" recipe.
To configure your website for HTTPS traffic, follow these steps:
Because this is a new website, only one binding is currently listed. This binding is for port 80, which makes it an HTTP-only website. If you tried to access this site via HTTPS right now, it would fail. The port for HTTPS is 443, so we need to add a new binding that uses port 443. A mistake that I have watched new admins make is to edit this existing binding and change it from 80 to 443. This will cause the website to only listen on port 443, or rather to only accept requests via HTTPS. This may be desirable in some instances, but not most. You generally want the website to respond to both HTTP and HTTPS requests.
443
automatically.
In this recipe, we used the IIS management console to add a second binding to our new website. This new binding is for accepting HTTPS traffic. We intend to run parts of this website as HTTP, and some more sensitive pages as HTTPS. Therefore, we created a second binding, enabling both HTTP and HTTPS traffic to flow successfully to and from this site. During the course of this recipe, we needed to choose the SSL certificate that the website is going to use in order to validate the HTTPS traffic that is coming in. There was already an SSL certificate installed on the server for our website; we simply had to choose it from the list.
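The same binding can be added from PowerShell with the WebAdministration module, which helps when the change has to be repeated across servers. This is an added example, not part of the original recipe; the site name and certificate subject are assumed placeholders to replace with your own values.

```powershell
# Added example: add an HTTPS binding next to the existing HTTP binding.
# $siteName and $certSubject are assumptions, not values from the recipe.
Import-Module WebAdministration

$siteName    = 'Default Web Site'     # assumed site name
$certSubject = 'CN=www.example.com'   # assumed subject of the installed certificate

# Locate the certificate in the local machine Personal store. Require a
# private key and an unexpired validity period, otherwise IIS cannot serve it.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.Subject -like "*$certSubject*" -and
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No unexpired certificate with a private key matches '$certSubject'."
}

# Add a second binding on port 443 instead of editing the port 80 binding,
# so the site keeps answering HTTP requests as well.
$https = Get-WebBinding -Name $siteName -Protocol https -Port 443
if ($https) {
    Write-Warning "An HTTPS binding on port 443 already exists for '$siteName'; leaving it unchanged."
}
else {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'

    # Attach the certificate from the 'My' (Personal) store to the new binding.
    $https = Get-WebBinding -Name $siteName -Protocol https -Port 443
    $https.AddSslCertificate($cert.Thumbprint, 'My')
}

# Verify: the site should now list both an http (80) and an https (443) binding.
Get-WebBinding -Name $siteName | Select-Object protocol, bindingInformation
```

Run it from an elevated PowerShell session on the web server. The final command should list one `http` binding on port 80 and one `https` binding on port 443.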