What do I need to know to create a website that uses HTTPS?

Question

I know ASP.NET, and know why people use HTTPS and I know a bit about IIS, but I have never created a HTTPS website or page in my site.

1. How can I create a HTTPS website?
2. How can I only make my login page HTTPS in a normal HTTP project?
3. Are there any other considerations I need to be aware of when using HTTPS?

Answer 1

Look here

Answer 2

1. In IIS7 you simply add https binding to website on which you want to use SSL. For this is necessary to have a certificate. You can use self-signed certificate or buy it from VeriSign, Thawte,...

2. You can use your pages same way as in http. SSL is not for user autentication, but for securing communication chanel. You can only check if is used secure connection

   if (Request.IsSecureConnection) { }

Answer 3

1. HTTPS means HTTP and SSL. So to create a HTTPS website, you need to create a normal website and a SSL layer to ensure the secure connection between your web server and web browser. Your web server will need a SSL certificate that you can generate yourself for private or development purpose or to get a trusted certificate from a trusted vendors.

2. Redirect your login page to https://yoursite/loginpage to obtain a HTTPS page.

3. You can get a free SSL certificate from cert.startcom.org