Last post Jul 15, 2008 02:00 PM by kahanu
Jul 14, 2008 11:01 PM|kahanu|LINK
I'm trying to build a site that has a section that does NOT require an SSL certificate and another section that does.
For my Secure section I created a new virtual directory in IIS. This section will has the SSL certificate. Everything works as it should, except for the following issue.
Here's my problem, my site just became non-PCI compliant because of a new vulnerability (that wasn't there months ago when I was PCI compliant). The fix tells me to go into IIS and select the web site, folder or files that will be secure and go to Properties
and Directory Security. Then I'm supposed to check the box that says "Require 128-bit Encryption". When I do that and run my site, I get an error that says the page must use https.
I had my ASP.NET application handle making the URL https, but this IIS configuration breaks that.
Does anyone know how to make this work?
Let me know if you need more information.
Jul 15, 2008 08:34 AMemail@example.com|LINK
Jul 15, 2008 02:00 PM|kahanu|LINK
Jeff, thanks for the suggestion. I posted a message there. I hope I get an answer. I'm surprised no one here has run into this.