Ensuring That Secure Content Is Served Over HTTPS Only
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
After a certificate is installed on a site, it can be served over HTTP or HTTPS. To ensure that only SSL requests are served, you must configure the AccessSSL metabase property to force SSL content requests only.
Important
You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /user:MyComputer</STRONG>Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (include the script's full path and any parameters).
Procedures
To force SSL content requests only
Click Start, click Run, type
cmdand then click OK.
Type the following command at the command prompt:
cscript.exe adsutil.vbs set /w3svc/<site identifier>/AccessSSL TRUEwhere <site identifier> is the unique number that identifies the site.
Related Topics
For information about configuring server bindings for SSL host headers, see Configuring Server Bindings for SSL Host Headers.
For information about Adsutil.vbs, see Using the Adsutil.vbs Administration Script.
For information about AccessSSL, see AccessSSLFlags Metabase Property.