Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
688 views
in Technique by (71.8m points)

iis - Redirect from https to http when the SSL cert is no longer valid

I have an IIS 6.0 server and I'm no longer using an SSL certificate (I don't need it anymore because of some functional changes, and I don't have a valid one I can use). Is there a way for me to redirect users who already have the https site bookmarked to the http site?

I tried using a self-signed certificate and rewriting the URL to the http version, but browsers get a warning about the self-signed certificate before I can redirect using web.config.

I also tried removing port 443 as an HTTPS binding and adding port 443 as an HTTP binding, but it didn't work. When I tried to start the web site, I got an error indicating the port was already in use.



1 Answer

0 votes
by (71.8m points)

No, you can't.

Redirections from HTTPS to HTTP happen after the initial HTTPS request has been made, and this request expects a valid certificate to be used. If what you'd like to do was possible, downgrade MITM attacks would be far too easy to perform.

Perhaps turning off port 443 completely might make your users try plain HTTP too, although they really should consider this to be a potential attack if they don't know your site.
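The ordering described in this answer can be reproduced offline. The sketch below is an added example, not part of the original question or answer: it runs a plain-HTTP listener that always answers with a 301 (the "HTTP binding on port 443" idea from the question), then connects to it once as an http:// client and once as an https:// client. The ephemeral loopback port stands in for 443, and `site.example` is a constructed hostname.

```python
import socket
import ssl
import threading

REDIRECT = (b"HTTP/1.1 301 Moved Permanently\r\n"
            b"Location: http://site.example/\r\n"      # constructed target
            b"Content-Length: 0\r\nConnection: close\r\n\r\n")

def start_plain_http_redirector():
    """Plain-HTTP listener on an ephemeral loopback port (stand-in for 443)."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.recv(4096)         # HTTP request or TLS ClientHello
                    conn.sendall(REDIRECT)  # always answers with the redirect
                except OSError:
                    pass
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def fetch_plain(port):
    """What an http:// client sees: the status line of the redirect."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(b"GET / HTTP/1.1\r\nHost: site.example\r\n\r\n")
        return s.recv(4096).split(b"\r\n")[0].decode()

def fetch_tls(port):
    """What an https:// client sees: the handshake fails, no HTTP is parsed."""
    ctx = ssl.create_default_context()      # normal certificate verification
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
            with ctx.wrap_socket(s, server_hostname="site.example") as tls:
                tls.sendall(b"GET / HTTP/1.1\r\nHost: site.example\r\n\r\n")
                return tls.recv(4096).split(b"\r\n")[0].decode()
    except OSError as exc:                  # ssl.SSLError is an OSError
        return f"handshake failed: {type(exc).__name__}"

if __name__ == "__main__":
    _, port = start_plain_http_redirector()
    print("http :", fetch_plain(port))
    print("https:", fetch_tls(port))
```

The TLS client aborts inside `wrap_socket`, before it would ever interpret the `Location` header, so a bookmarked https:// URL cannot be steered to http:// by anything the server sends without first completing a handshake the client trusts.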

