We have not purchased an SSL certificate, so the user of our website has to click to "approve" the website every time they use it. Is there a quick way to redirect all https:// traffic to http:// for now in IIS 7, so that all content is served under http://?

By the way I DO NOT have "Require SSL" ticked under SSL settings.

Also, if I purchase an SSL certificate, how would I point it so that IIS 7 on my server can use it and allow the user entry without warning them every time?

Thanks!

+2  A: 

Is there a quick way to redirect all https:// traffic to http:// for now

Not really. The redirect can be done, of course, but the redirect response itself must be signed with a trusted certificate or the user will get the same warning as before.

This makes sense: otherwise, a man-in-the-middle attacker could simply respond to a user's HTTPS request with a redirect to HTTP (or a different HTTPS site) and take over the browsing session, defeating the purpose of SSL.

If you get your certificate signed by a trusted CA you can just import it in the same way as the current self-signed cert. Some CAs may require extra cert chains but that's CA-specific: you'll find the relevant details for setting up web servers including IIS7 with those certs on all good CA sites.

bobince
Yes, you can remove the https site binding (from the site in the left pane, choose the ‘Bindings...’ action) and http will continue to work. Users typing ‘https’ will simply fail to get any kind of connection (assuming you have no other https site bindings set up).
bobince
thanks done!
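The answer's point that the warning comes before any redirect can be checked locally. The following is an added example, not code from the original thread: it starts a throwaway HTTPS server on 127.0.0.1 that answers every request with a 301 to http://, then connects once with normal certificate verification and once with verification disabled. It assumes the `openssl` command-line tool is installed; the certificate subject and the redirect target are constructed values.

```python
import http.client, http.server, os, ssl, subprocess, tempfile, threading

class RedirectToHttp(http.server.BaseHTTPRequestHandler):
    """Answers every GET with a redirect to plain HTTP (constructed target)."""
    def do_GET(self):
        self.send_response(301)
        self.send_header("Location", "http://localhost/")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(port, verify):
    ctx = ssl.create_default_context()  # verifies the chain and the host name
    if not verify:  # roughly what clicking through the browser warning does
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection("127.0.0.1", port, context=ctx, timeout=5)
    try:
        conn.request("GET", "/")  # the TLS handshake happens here, before any HTTP
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except ssl.SSLCertVerificationError:
        return "tls-failed", None  # the redirect was never sent or read
    finally:
        conn.close()

def demo():
    with tempfile.TemporaryDirectory() as d:
        cert, key = os.path.join(d, "cert.pem"), os.path.join(d, "key.pem")
        subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                        "-keyout", key, "-out", cert, "-days", "1",
                        "-subj", "/CN=localhost"], check=True, capture_output=True)
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(cert, key)  # self-signed, like the site in the question
        httpd = http.server.HTTPServer(("127.0.0.1", 0), RedirectToHttp)
        httpd.socket = server_ctx.wrap_socket(httpd.socket, server_side=True)
        threading.Thread(target=httpd.serve_forever, daemon=True).start()
        try:
            port = httpd.server_address[1]
            return fetch(port, verify=True), fetch(port, verify=False)
        finally:
            httpd.shutdown()
            httpd.server_close()

if __name__ == "__main__":
    print(demo())
```

The verifying client stops at the handshake and never receives the 301; only the client that has already chosen to trust the untrusted certificate sees the redirect.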