Removing Requirement for SSL

From: Sam Ev (newsgroupmail_at_pannellsigns.co.uk)
Date: 08/23/04 

Date: Mon, 23 Aug 2004 16:19:45 +0100

Hello, I have SBS 2000 running with IIS and Exchange and went through this
walk though on how to secure OWA with an SSL certificate.

http://www.smallbizserver.net/Default.aspx?tabid=83

We set the default website up to require an SSL connection because we didn't
want people to be able to access unsecurly. This of course meant that to
access any of the default website from the internal system we had to connect
to the https://localhost address. We later decided however that it would be
a better idea just to close port 80 on the external interface as we had no
need for people to access anything through this (this was done through ISA
server).

Our Antivirus software however is administrater and updated through a
website running as a sub folder of the default website on IIS (Trend Micro
Office Scan) so of course this now required a secure connection to connect
to it. Unfortunately the software can not be installed on new machines and
can not connect to the website whilst a secure connection is required.

We then unchecked the "require secure channell (SSL)" box on the directory
security tab of the default website in IIS, this change cascaded down
sucessfully to the sub folders and files. When we try to access any part of
the website from the internal system we still recieve the "HTTP 403.5 -
Forbidden: SSL 128 required" error page from IIS and can not figure out why.
Is there anywhere else in IIS that sets whether a website requires a secure
connection or is there something somewhere else in ISA for example that can
have this effect. How do I remove the requirement for an SSL connection to a
webserver to allow internal users to access the website through port 80 once
more.

Thank you

Samuel

Relevant Pages

  • Re: Trying to create a pass through for SSL
    ... shared on a secure site, and all sub-domains that have secure services are ... You then check "Accept only SSL" on the ... I simply make the client go to the secure website using my vdir name. ... (secure.xyz.com and virtual directory ~mysubdomain) ...
    (microsoft.public.inetserver.iis.security)
  • Removing Requirment for an SSL connection
    ... I have SBS 2000 running with IIS and Exchange and went through this ... We set the default website up to require an SSL connection because we didn't ... Office Scan) so of course this now required a secure connection to connect ...
    (microsoft.public.inetserver.iis)
  • Secure a Website page - goes live on Friday Aug 13!!
    ... I have a website I am serving with IIS on an SBS 2003 Premium machine. ... There is a particular page that marketing wanted to make secure when you ... Properties for the new Virtual Site and disabled anonymous access, ...
    (microsoft.public.windows.server.sbs)
  • Re: Multiple Sites running same code, w/SSL.
    ... This is a limitation in SSL, not IIS. ... Here is the problem -- Host header is a property of the HTTP request (it is ... the website and hence server certificate, is encrypted in the very thing ...
    (microsoft.public.inetserver.iis.security)
  • Re: Control SSL error page or detect capable SSL connection?
    ... We'd like to offer SSL form submits by default, ... Within IIS Manager, locate the file/folder you require to be SSL enabled, ... "The page must be viewed over a secure channel ... using the 'Custom Errors' tab within the previous options in IIS, ...
    (comp.lang.php)