IIS 10, redirect http and www to https

Pearman C 0 Reputation points
2023-02-06T22:22:16.6466667+00:00

I have a website with an SSL certificate for https://a.domain.com. I am using IIS 10 to host the application running asp.net. I currently have the external DNS routing correctly for http, https and www. When type in http://a.domain.com and https://a.domain.com I am sent to the correct website and the pages load as expected. When I type in www.a.domain.com inside a browser it changes to http://www.a.domain.com and I see an error page. I can view the SSL certificate for the website so I am hitting the correct WAN external ip and the IIS server since it is presenting the SSL certificate. What I want is when someone types in http://a.domain.com, https://a.domain.com and www.a.domain.com (translates to https://www.a.domain.com) in a browser I want these request to go to https://a.domain.com. I could at this point time have a wildcard to route any request having domain.com in it to go to https://a.domain.com. I have read many articles about this and tried at least 5 different ways of doing it. I cant seem to make any progress. Any help is greatly appreciated. I need step by step.

Internet Information Services
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,254 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,127 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lex Li (Microsoft) 4,742 Reputation points Microsoft Employee
    2023-02-16T05:58:51.13+00:00

    You might get some further explanation from where you purchased the server certificate, but the rule of thumb is that the Common Name and DNS names associated with the certificate determine what are the valid HTTPS requests that this server certificate can support.

    Thus, if this server certificate only covers a.domain.com then you can only use it when serving https://a.domain.com, but not https://www.a.domain.com because www.a.domain.com is considered a completely different domain name (how the DNS system works).

    Ask yourself and your team which are the domain names your web site is going to require, and then your server certificate must cover them all. That might require you to purchase special certificates (like Wildcard or SAN) or multiple ones.

    BTW, people also prefer free certificates from Let's Encrypt, when their sites do not require complicated certificates from other CAs that have higher price tags.

    0 comments