IIS7 : HOW TO force a website to use SSL?


I have written about how to configure a website for HTTPS here.  In this post, I will explain how to force HTTPS for any website.


1. Open IIS7 Manager UI.

2. Expand the Web Sites in the Connections pane and select the Web site.

3. In the Features View, double click on the “SSL Settings”.


4. You will see the check box to force SSL on this website and click on “Apply” in the Actions pane.


Select the Client certificates options at your need of the website. That’s it. We now force the HTTPS browsing for that website. Now, if the user tries to browse the website over HTTP, he will be getting 403.4 Forbidden error message.

Again, I am writing this simple HOW TO articles for IIS 7 to just make any IIS 7 beginner getting little more comfort in the IIS 7 UI because for any user who is most used to the IIS5/5.1/6 UI – seeing the new IIS7 UI for the first time, doing simple things like this seems pretty complex (as it did to me).

Comments (4)

  1. Is there a way to force a redirect to the https site?  For example, if people go to http://www.capitoltechsolutions.com, it current comes up with the 403.4 error. I would rather have it come up as https://www.capitoltechsolutions.com.  I tried forwarding the address to the SSL site but to no avail.

    Is it possible to do that?

  2. rakkim says:

    You can do that by doing a redirection for the site, or by following steps as appropriate from http://support.microsoft.com/kb/839357/en-us.

    But this isn’t just only the way to do it, there are plenty available too.

  3. As the title sounds, here I’m going to discuss a very simple feature of IIS7 which has one additional

  4. rakkimk says:

    As the title sounds, here I’m going to discuss a very simple feature of IIS7 which has one additional