IIS 6 and Require 128-bit Encryption for SSL and PCI requirements RSS

• • Reply
  

  kahanu

  Member

  90 Points

  147 Posts

  IIS 6 and Require 128-bit Encryption for SSL and PCI requirements

  Jul 15, 2008 03:01 AM|LINK

  I'm trying to build a site that has a section that does NOT require an SSL certificate and another section that does. 

  For my Secure section I created a new virtual directory in IIS.  This section will has the SSL certificate.  Everything works as it should, except for the following issue.
  

  Here's my problem, my site just became non-PCI compliant because of a new vulnerability (that wasn't there months ago when I was PCI compliant).  The fix tells me to go into IIS and select the web site, folder or files that will be secure and go to Properties and Directory Security.  Then I'm supposed to check the box that says "Require 128-bit Encryption".  When I do that and run my site, I get an error that says the page must use https.

  I had my ASP.NET application handle making the URL https, but this IIS configuration breaks that.

  Does anyone know how to make this work?

  Let me know if you need more information.

  Thanks.
  

  King Wilder
  MVC Central
  http://www.mvccentral.net
• • Reply
  

  jeff@zina.co...

  All-Star

  87677 Points

  11637 Posts

  Moderator

  Re: IIS 6 and Require 128-bit Encryption for SSL and PCI requirements

  Jul 15, 2008 12:34 PM|LINK

  Try www.iis.net.

  Jeff

  Have you Binged a solution before posting?
• • Reply
  

  kahanu

  Member

  90 Points

  147 Posts

  Re: IIS 6 and Require 128-bit Encryption for SSL and PCI requirements

  Jul 15, 2008 06:00 PM|LINK

  jeff@zina.com

  Try www.iis.net.

  Jeff

   

  Jeff, thanks for the suggestion.  I posted a message there.  I hope I get an answer.  I'm surprised no one here has run into this.
  

  King Wilder
  MVC Central
  http://www.mvccentral.net