Hi,
We are planning to move our website to https, which currently running on only http only.
Web site is running on IIS7 in Windows 2008 server.
Do I need to update/modify any configuration settings in the website to make it work on HTTPS? Is it fine just installing certifictes?
Please tell if there are any setting needs to be updated/modified?
Thanks
nRk
It depends on how you handle the linking of external assets inside your application.
If you use relative paths to reference internal assets and don't link to any files/scripts hosted on other servers, then you should be fine.
If you use full paths to reference assets, for example:
<img src="http://foo.bar.my.site/image.png" />
Or reference external assets:
<script src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
Then you are going to get errors in most browsers about mixing secure and non-secure content.
A walk through of setting up SSL on IIS 7 is available at http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7/
As mentioned in another answer, your site itself must contain relative paths or you will get mixed content warnings. It may be enough to simply do a search and replace of HTTP: with HTTPS: throughout your source files.
Justin is right on the the money with problems arriving from non relative paths and from using mixed script sources. The best thing that you can do is set up a stagging server and test your application on it using https. You can enable Https without getting a certificate for your stagging server though you will get a nice message about the stagging servers certificate from your browser thought everything else should work the same and allow you to plan for the migration