Adding encryption to your website

Using websites to pass data around the Internet is a staple of technology as we know it today. Installing even the simplest new tool or system will probably require you to download software or an update, or to register your information with a website. As an IT professional, I hope that you are familiar with HTTP versus HTTPS websites and the importance of distinguishing between the two. But now that we have a website running, how can we enable HTTPS on it so that we can protect this data that is traversing back and forth between our web server and the client computers?

It is typically the web developer's job to tell a website when to call for HTTPS, so you shouldn't have to worry too much about the actual content of the website. As the server administrator, however, you need to make sure that once HTTPS is called for on the website, your web server is capable of processing that traffic appropriately.

Getting ready

We are running a Server 2016 web server from which we will accomplish this task. There is a simple website currently running inside IIS on this server. Part of our recipe will be choosing an SSL certificate that we want to run on our website, so this recipe assumes that the certificate is already installed on your server. If you need assistance with the acquisition of the certificate itself, please refer to the Using a Certificate Signing Request to acquire your SSL certificate recipe.

How to do it…

To configure your website for HTTPS traffic, follow these steps:

  1. Launch Internet Information Services (IIS) Manager from the Tools menu inside Server Manager.
  2. In the left-hand window pane, expand your web server name and click on the Sites folder.
  3. Right-click on your website and choose Bindings....

    How to do it…

    Since it is a new website, you can see that there is only one binding listed currently. This binding is for port 80, which makes it an HTTP-only website. If you currently tried to access this site via HTTPS, it would fail. The port for HTTPS is 443, and so we need to add a new binding that uses port 443. A mistake that I have watched new admins make is to edit this existing binding and change it from 80 to 443. This will cause the website to only listen on port 443, or rather to only accept requests via HTTPS. This may be desirable in some instances, but not most. You generally want the website to respond to both HTTP and HTTPS requests.

  4. Go ahead and click the Add… button.
  5. Change the Type field to https. You will notice that the Port field changes to 443 automatically.
  6. If you only want this new binding to work on a particular IP address, choose it now. Otherwise, leave it set to All Unassigned to cause this new listener to be active on all IP addresses that exist on our server.
  7. Select the SSL certificate that you want IIS to use for authenticating requests to this website. HTTPS traffic is only encrypted and guaranteed to be safe from prying eyes because the tunnel is being validated by an SSL certificate that is specific to your website name. You must have an SSL certificate installed on the server so that you can choose it from the list here in order to create an HTTPS binding.

    How to do it…

  8. Click OK, then click Close. Your HTTPS binding is now active on this website.

How it works…

In this recipe, we used the IIS management console to add a second binding to our new website. This new binding is for accepting HTTPS traffic. We intend to run parts of this website as HTTP, and some more sensitive pages as HTTPS. Therefore, we created a second binding, enabling both HTTP and HTTPS traffic to flow successfully to and from this site. During the course of this recipe, we needed to choose the SSL certificate that the website is going to use in order to validate the HTTPS traffic that is coming in. There was already an SSL certificate installed on the server for our website; we simply had to choose it from the list.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.147.2.111