How To Set Up an HTTPS-Enabled Web Site

HTTP (Hypertext Transfer Protocol) is the normal web protocol that defines how a web site's content is browsed using its domain name. In HTTP, data is transmitted between the client machine and the web server machine as plain text streams. Anyone positioned between the client machine and the web server machine can read the information being transferred. If the data transmission should be secured and readable only by authorized persons, a few further steps are needed. There are several ways to implement security for a website, such as authorization/authentication methods, SSL (Secure Socket Layer), VPN (Virtual Private Network), etc. These methods have pros and cons depending on their characteristics. By implementing these techniques together we can secure the site's contents further.

SSL (Secure Socket Layer) is used to transfer data between the web server machine and the client machine as an encrypted data stream. SSL-enabled websites should operate only on the HTTPS protocol. We call these websites HTTPS-enabled or secured websites. To implement SSL on our website we need to obtain a security certificate from a trusted third-party organization. Verisign, COMODO, Thawte, Equifax, Go Daddy, Entrust and GeoTrust are leading SSL certificate providers. You need to select the right certificate for your purpose and budget. Consider the following when selecting a security certificate:
  1. Your budget
  2. Your purpose: whether you need very high security or medium security
  3. The web server you are using
  4. The operating system the web server is running on
  5. Encryption algorithm
  6. Private Key size (normally 1024/2048)
  7. The warranty the provider offers

Once you have decided which provider to purchase a certificate from, you need to follow a few steps to complete the installation of the certificate on the web server.

Step 1:

Before you install an SSL security certificate you need to buy a commercial certificate or get a free test certificate. Free test certificates are for testing purposes only and may not be used for commercial purposes. Before you purchase a certificate or download a test certificate you need to generate a CSR (Certificate Server Request) from your web server. This request contains all the details necessary to process a security certificate for your server. Please keep in mind that this certificate server request should be generated only on the machine where you are going to install the certificate.

Open IIS Manager (Internet Information Services Manager) by browsing from Control Panel or by running the "inetmgr" command. Select the server name in the left-side pane. Double-click the "Server Certificates" icon.

Fig 1: Server Certificate Icon

In the "Actions" pane you will see a few options such as Import, Create Certificate Request, Complete Certificate Request, Create Domain Certificates and Create Self-Signed Certificates.

Fig 2: Server Certificates window

If security certificates are already installed, they will be shown in the server certificates list. To create a new certificate server request, click the "Create Certificate Request" link. It will open the "Request Certificate" window.

Fig 3: Request Certificate window

Fill in all the required details for your domain and complete the form. At the end, the window will ask for a location to save your certificate request. You can give this file any name. Keep this file until you purchase your security certificate, since the content of this file will be requested during the certificate generation process.

Step 2:

The next step is to purchase your commercial certificate or download a test certificate. Go to the official web site of the security certificate provider you have selected. Complete the certificate application forms, and when asked for the CSR (Certificate Server Request), copy in the content of the CSR file you generated in step 1. When copying the content of this file, open it only with a plain text editor like Notepad. Never use a rich text editor like MS Word, since it might add additional characters. If everything succeeds, complete the certificate application process and you will end up with the certificate generated for you by the certification authority. The final step is to install the purchased or downloaded certificate on your web server.

Step 3:

Fig 4: Complete Certificate Request window

From step 2 you will get a certificate file with the extension ".cer". Once you have this certificate file, click the "Complete Certificate Request" link in the Actions pane. In the "Complete Certificate Request" window, browse to your certificate and provide a friendly name so that the certificate is easy to identify among the other security certificates installed on the server. Complete this window and your security certificate will be installed on your server.

Step 4:

Once you have successfully installed the security certificate on your web server, the next step is to bind the certificate to your particular web site. One server might have more than one certificate installed. You must specifically set which certificate your web site should use. To do that, select your web site in IIS Manager and click the "Bindings" link in the Actions pane. By default a web site has only an HTTP binding. You should add an HTTPS binding and specify which security certificate or SSL certificate to use from the certificate drop-down list.

If everything is done, you have successfully set up your HTTPS-enabled or secured web site. Now browse to your web site from your browser and see the result of your work. Please make sure that you type "https://" and not "http".
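
Step 2 warns that a rich text editor can add characters to the CSR. The Python check below is an added example, not part of the original post: it flags a byte-order mark, non-ASCII characters, altered BEGIN/END lines and a body that is not valid base64. The name check_csr_text and both sample texts are constructed for illustration, and the sample body is not a real CSR.

```python
import base64
import re

# IIS writes "NEW CERTIFICATE REQUEST"; other tools use the shorter label.
PEM_LABELS = ("NEW CERTIFICATE REQUEST", "CERTIFICATE REQUEST")


def check_csr_text(text):
    """Return a list of problems in pasted CSR text (empty list means clean)."""
    problems = []
    if text.startswith("\ufeff"):
        problems.append("byte-order mark at start of text")
        text = text[1:]
    odd = sorted({c for c in text if ord(c) > 127})
    if odd:
        problems.append("non-ASCII characters: " + ", ".join(f"U+{ord(c):04X}" for c in odd))
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3:
        return problems + ["too short to be a PEM block"]
    begin = re.fullmatch(r"-----BEGIN (.+)-----", lines[0])
    end = re.fullmatch(r"-----END (.+)-----", lines[-1])
    if not begin or begin.group(1) not in PEM_LABELS:
        problems.append("missing or altered BEGIN line")
    if not end or (begin and end.group(1) != begin.group(1)):
        problems.append("missing or mismatched END line")
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return problems + ["body is not valid base64"]
    if not der.startswith(b"\x30"):
        problems.append("decoded body does not start with an ASN.1 SEQUENCE")
    return problems


# Constructed sample: bytes with the outer shape of a DER request, not a real CSR.
der_sample = b"\x30\x82\x01\x00" + bytes(range(256))
b64 = base64.b64encode(der_sample).decode()
CLEAN = "\n".join(["-----BEGIN NEW CERTIFICATE REQUEST-----",
                   *[b64[i:i + 64] for i in range(0, len(b64), 64)],
                   "-----END NEW CERTIFICATE REQUEST-----"]) + "\n"
# Constructed damage: a BOM up front and an en dash replacing two hyphens.
MANGLED = "\ufeff" + CLEAN.replace("-----BEGIN", "\u2013---BEGIN", 1)

if __name__ == "__main__":
    print(check_csr_text(CLEAN))
    print(check_csr_text(MANGLED))
```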

What is SSL?

SSL stands for Secure Socket Layer. It uses the HTTPS (Hypertext Transfer Protocol Secure) protocol instead of the general HTTP protocol. HTTPS is a combination of the Hypertext Transfer Protocol and a network security protocol.

HTTP operates at the highest layer of the TCP/IP Internet reference model, the Application layer; but the security protocol operates at a lower sublayer, encrypting an HTTP message prior to transmission and decrypting a message upon arrival.

HTTPS has also been known as "Hypertext Transfer Protocol over Secure Socket Layer", but now HTTPS may be secured by the Transport Layer Security (TLS) protocol instead of the Secure Sockets Layer (SSL) protocol.

To invoke HTTPS, one replaces "http://" with "https://" in the URI, or Web address.

HTTPS connections are often used for payment transactions on the Web and for sensitive transactions in corporate information systems.

Set Default Document For A Website

Normally, if the website's starting page is named index.htm, index.html, default.aspx, etc., then once you type your domain name in the address bar of the web browser it is able to browse to the corresponding starting page. You don't need to specify the starting file name and extension. If your website's starting page has a less common name, such as login.htm or login.aspx, resolving the starting page for the website is not straightforward. In that case you need to specify the default document for the website in IIS using the "Default Document" feature.

Fig 1: Default Document Icon

In the "Connections" pane of IIS Manager, browse to the website whose default document you need to set. Double-click the Default Document icon to specify the default document for your site.

Fig 2: Default Document window in IIS 7.0

Click the "Add..." link to add a new default document to the site. As you can see in the figure, two types of documents are listed. "Inherited" items come from the server-level default documents, and a "Local" entry is one entered specifically for this website.

HTTP Redirect in IIS 7.0

Using your domain name or DNS (Domain Name Server) entry you can redirect your users to the web server that the website is hosted on. But if you have several websites on one server or several applications in one website, users might need to specify the exact location of the page they want to browse. This is not a very clean design, since most users want to type less in the address bar and still reach what they want. You can use the HTTP Redirect feature in IIS Manager (Internet Information Services Manager) to overcome this problem. Your domain name or DNS entry will bring your users to the web server, and from there you can redirect them to the specific location or page using the HTTP Redirect feature. There you need to specify the destination to redirect to.

Fig 1: HTTP Redirect in IIS 7.0

The "Redirect requests to this destination" text box can be used to specify the destination of the redirection. Once you have specified the destination URL, click the "Apply" link in the Actions pane to save the settings.

The Apache web server supports IP-based redirection, which allows you to specify a different IP for each website on the web server, and DNS can redirect based on the IPs of the websites. But so far the IIS web server doesn't support this feature. So you might need to use the HTTP Redirect feature to redirect your users to the exact location.

Restrict a Website to Specific IP Addresses on IIS 7.0

Generally websites are open to public users. Public websites can be accessed from any PC connected to the Internet, whereas some other sites require the user to authenticate before providing service. Within a public domain there might be secured sites such as HTTPS-enabled sites, VPN, etc. Apart from these categories, you can restrict your website so that it can be browsed only from specific PCs. The IPv4 Address and Domain Restrictions feature in IIS can be used to deny or allow access for a specific IP address or IP address range.

Fig 1: IPv4 Address and Domain Restrictions

In the Actions pane you can specify the allowed entries and denied entries. There you can specify one IP address or a range of IP addresses. If you specify both an Allow Entry and a Deny Entry for one website, you need to make sure that the IP address ranges do not conflict with each other.

Fig 2: Add Allow Restriction Rule

Fig 3: Add Deny Restriction Rule
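
The caution above about Allow and Deny entries that conflict can be checked before the rules are entered. This Python check is an added example, not from the original post; it reports every Allow/Deny pair whose ranges overlap and how they overlap. The function names and the rule lists are constructed for illustration, using documentation address ranges and the address-plus-subnet-mask form.

```python
import ipaddress


def parse_entry(address, mask=None):
    """Build a network from an address plus optional subnet mask."""
    spec = address if mask is None else f"{address}/{mask}"
    return ipaddress.ip_network(spec, strict=False)


def find_conflicts(allow, deny):
    """Return (allow_range, deny_range, kind) for every overlapping pair."""
    conflicts = []
    for a in (parse_entry(*e) for e in allow):
        for d in (parse_entry(*e) for e in deny):
            if not a.overlaps(d):
                continue
            if a == d:
                kind = "same range"
            elif d.subnet_of(a):
                kind = "deny inside allow"
            else:
                kind = "allow inside deny"
            conflicts.append((str(a), str(d), kind))
    return conflicts


# Constructed rule lists: (address, subnet mask or None for a single host).
ALLOW = [("192.0.2.0", "255.255.255.0"), ("198.51.100.7", None)]
DENY = [("192.0.2.128", "255.255.255.128"),
        ("198.51.100.0", "255.255.255.0"),
        ("203.0.113.5", None)]

if __name__ == "__main__":
    for allow_range, deny_range, kind in find_conflicts(ALLOW, DENY):
        print(f"allow {allow_range} overlaps deny {deny_range}: {kind}")
```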

FeedReader - Free RSS Reader Software

FeedReader is free RSS reader software. You can download this software from the following link:

http://www.feedreader.com/download

RSS (Really Simple Syndication) is a family of Web feed formats used to publish frequently updated works. Using FeedReader you can download all the feed updates from your favourite sites to your computer. By browsing just one application you can read various articles from different RSS web sites.

How to Show/Insert HTML and other tags in Blogger

If you have tried to show or insert HTML or other tags in a Blogger post, you might have seen that the text is not visible once you publish your post. The reason is that once you insert HTML tags, Blogger renders them as meta tags. So you cannot see them; what you have written is rendered and only the result is shown. To avoid this and show HTML and other code in your post, you need to replace, in your code, the greater-than sign with & g t; and the less-than sign with & l t;.

Please note that you must remove the spaces between the three characters. What actually happens here is that & l t; and & g t; are another way of telling the HTML page to show the less-than and greater-than signs.

HTTP 413 Request Entity too Large - Can't upload large files

If you are trying to upload a file using a file uploader in IIS6 or IIS7, normally an HTTP request is allowed to upload a file of up to 2 MB. But when you use the file upload feature with CAC (client access certificates), the SSL preload uses a new metabase property called UploadReadAheadSize in IIS6 or 7 to determine the maximum buffer size of the incoming request. The default size for this buffer is 48k, a limit that was added to prevent anonymous DoS attacks that upload very large garbage files.

You can simply increase this threshold value to avoid this problem. You can change this setting up to 4GB, although you probably wouldn't want to do so unless you had a compelling business need. Of course, a site that requires authentication would be an effective way of limiting the chances of DoS, so if you do need to raise this limit, you should consider requiring client authentication to connect.

Use the following script to change the UploadReadAheadSize:

cscript adsutil.vbs set w3svc/1/uploadreadaheadsize 204800

If you get the following error, you need to install the adsutil.vbs script on your machine, or you can run this command from the location of the script.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>cscript adsutil.vbs set w3svc/1/uploadreadaheadsize 204800
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.
Input Error: Can not find script file "C:\Users\Administrator\adsutil.vbs".

Search for "adsutil.vbs download" to get the latest script from the web.

Increase Upload File Size in IIS 7.0

I developed an ASP.NET web application that can upload files of around 2 MB from the client location to a server folder. This application was working fine in my test environment on IIS 7.0. But once I moved that application to my web server, which had MS-Windows 2008 server, it gave me an error saying that the file size is too high to upload the file. It is required to increase the "maxAllowedContentLength" and "headerLimits" sizes. By inserting the code below into your web config file you can specify these parameters.

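<system.webServer>
  <security>
    <requestFiltering>
      <!-- maxAllowedContentLength is measured in bytes -->
      <requestLimits maxAllowedContentLength="2097151">
        <headerLimits>
          <add header="Content-type" sizeLimit="2097151" />
        </headerLimits>
      </requestLimits>
    </requestFiltering>
  </security>
</system.webServer>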

You can also increase "maxRequestLength" in the httpRuntime tag using the following code.

<!-- maxRequestLength is measured in kilobytes; this element belongs inside <system.web> -->
<httpRuntime appRequestQueueLimit="100" minLocalRequestFreeThreads="4" minFreeThreads="8" useFullyQualifiedRedirectUrl="false" maxRequestLength="2097151" executionTimeout="1200" />
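
The two settings above use different units (maxAllowedContentLength is in bytes, maxRequestLength in kilobytes), and an upload has to pass both. The Python check below is an added example, not the author's code: it parses a web.config, converts both limits to bytes and returns the effective limit. The name upload_limits and the sample web.config are constructed here from the values shown above.

```python
import xml.etree.ElementTree as ET

IIS_DEFAULT_BYTES = 30000000  # default maxAllowedContentLength (bytes)
ASPNET_DEFAULT_KB = 4096      # default maxRequestLength (kilobytes)
SETTINGS = {"requestLimits": "maxAllowedContentLength",
            "httpRuntime": "maxRequestLength"}


def upload_limits(web_config_xml):
    """Return (iis_bytes, aspnet_bytes, effective_bytes, warnings)."""
    found, warnings = {}, []
    for el in ET.fromstring(web_config_xml).iter():
        for tag, attr in SETTINGS.items():
            if el.tag == tag:
                if attr in el.attrib:
                    found[tag] = int(el.attrib[attr])
            elif el.tag.lower() == tag.lower():
                # Configuration element names are case-sensitive.
                warnings.append(f"<{el.tag}> must be spelled <{tag}>")
    iis = found.get("requestLimits", IIS_DEFAULT_BYTES)
    aspnet = found.get("httpRuntime", ASPNET_DEFAULT_KB) * 1024
    if "requestLimits" in found and found.get("httpRuntime") == found["requestLimits"]:
        warnings.append("both limits use the same number but different units")
    return iis, aspnet, min(iis, aspnet), warnings


# Constructed sample web.config using the values from the post.
SAMPLE = """<configuration>
  <system.web>
    <httpRuntime maxRequestLength="2097151" executionTimeout="1200" />
  </system.web>
  <system.webServer>
    <security>
      <requestFiltering>
        <requestLimits maxAllowedContentLength="2097151" />
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>"""

if __name__ == "__main__":
    iis, aspnet, effective, notes = upload_limits(SAMPLE)
    print(f"IIS: {iis} bytes, ASP.NET: {aspnet} bytes, effective: {effective} bytes")
    for note in notes:
        print("warning:", note)
```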
