当SSL证书不再有效时，从https重定向到http [英] Redirect from https to http when the SSL cert is no longer valid

问题描述

我有一个IIS 6.0服务器而且我不再使用SSL证书（由于某些功能更改，不再需要它，没有我可以使用的有效证书）。有没有办法让我将用户重定向到已经有https标记的http网站？

我尝试使用自签名证书并将URL重写为http版本，但浏览器在我可以使用web.config重定向之前收到有关自签名证书的警告。

我还尝试删除端口443作为HTTPS绑定并添加端口443作为HTTP绑定但它不起作用。当我试图启动网站时，我收到一个错误，表明该端口已被使用。

解决方案

不，你可以' t。

在初始HTTPS请求发生后，从HTTPS到HTTP的重定向发生，并且此请求需要使用有效的证书。
如果您想做什么，降级MITM攻击将太容易执行。

或许完全关闭443端口可能会使您的用户也尝试使用普通的HTTP，但如果他们不了解您的网站，他们真的应该认为这是一种潜在的攻击。<​​/ p>

I have an IIS 6.0 server and I'm no longer using an SSL certificate (Don't need it anymore because of some functional changes, don't have a valid one I can use). Is there a way for me to redirect users to the http site who already have the https one bookmarked?

I tried using a self signed certificate and rewriting the URL to the http version but browsers get a warning about the self signed certificate before I can redirect using web.config.

I also tried removing port 443 as an HTTPS binding and adding port 443 as an HTTP binding but it didn't work. When I tried to start the web site I got an error indicating the port was already in use.

解决方案

No, you can't.

Redirections from HTTPS to HTTP happen after the initial HTTPS request has been made, and this request expects a valid certificate to be used. If what you'd like to do was possible, downgrade MITM attacks would be far too easy to perform.

Perhaps turning off port 443 completely might make your users try plain HTTP too, although they really should consider this to be a potential attack if they don't know your site.

这篇关于当SSL证书不再有效时，从https重定向到http的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！