I've implemented SSl in IIS with a test cert from Verisign. The root =
directory for my domain is inetpub\wwwroot and the directory I used for =
the secure folder is inetpub\wwwroot\secure. What I don't understand is =
when I type https://www.mydomain.net/secure, the test page displays, but =
it also displays when I type http://www.mydomain.net/secure. I have =
"Require secure SSL channel" enabled for the directory. I wasn't clear =
as to virtual vs. home directory and left it as virtual since I'm not =
securing the complete site only the one directory. I didn't assign it =
an alias. If, on the other hand, I assign it an alias and type =
http://www.mydomain.net/aliasname I get a Secure Channel Required error, =
which is correct and when I type https://www.mydomain.net/aliasname the =
page is returned. However, if I type http://www.mydomain.net/secure the =
page is also returned which is incorrect.
I know the cert is in OK as the https call works. When I put the cert =
in I left the server connection set to default instead of specifying an =
IP address. I did commit changes from key manager and stopped and =
restarted the service.
Is it the placement of the directory or what that is allowing the =
directory to be read without the https being specified? Any help would =
be appreciated.
Stuart