I'm trying to build a site that has a section that does NOT require an SSL certificate and another section that does.
For my Secure section I created a new virtual directory in IIS. This section will have the SSL certificate. Everything works as it should, except for the following issue.
Here's my problem: my site just became non-PCI compliant because of a new vulnerability (that wasn't there months ago when I was PCI compliant). The fix tells me to go into IIS and select the web site, folder or files that will be secure and go to Properties and Directory Security. Then I'm supposed to check the box that says "Require 128-bit Encryption". When I do that and run my site, I get an error that says the page must use https.
I had my ASP.NET application handle making the URL https, but this IIS configuration breaks that.
Does anyone know how to make this work?
Let me know if you need more information.
Thanks.