I have an IIS site in which: - I need to redirect HTTP to HTTPS - I need to require client certificates
The first part works fine, with a simple rule which redirects from HTTP to HTTPS.
However, if I modify the SSL settings of the site to require SSL and client certificate, if I try to access the site using http, instead of getting a redirection, I get an error.
Is there a way to make this work?
The solution is to setup 2 different sites in IIS, for the same domain:
The first site is simply an empty site that only has a web.config file that redirects all request to https. This is its content:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to HTTPS" enabled="true" patternSyntax="Wildcard"
stopProcessing="true">
<match url="*" />
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>