Who am I?

I work here and live here (roughly), I own this cat, and my commute takes me on this line, where I tend to read on this device or listen to music by this band (and others). I work in the area of IT Operations for Advertising and Media organisations, which tends to involve ITIL and Project Management as well as Python development.

My personal pet projects are both Django based. One is a Project Management tool, the other a CMDB.

This blog contains my own personal work and opinions and is completely unrelated to my current employer.

Wednesday, Sep 01 2010

Migrating OpenSSL keys to a Windows server

A really quick howto on moving keys (for SSL in this case) from a Linux server to Windows. I needed this to install a wildcard SSL certificate on both Apache and IIS servers.

Assuming you have your Apache SSL certificate and a private key file (with or without PEM encryption):

openssl pkcs12 -export -out wildcard.pfx -in wildcard.crt -inkey wildcard.pem

This will generate a single Personal Information Exchange file that can be transferred to Windows and imported using the Certificates MMC snap-in.

Tuesday, Aug 31 2010

Redirecting IIS websites to SSL

Here is a quick howto for redirecting HTTP traffic to HTTPS using Windows IIS.

This assumes you have a working HTTP virtual web site and you have your SSL certificates all sorted out.

Method 1: Redirect using a Virtual web site

This method describes setting up a second virtual web site to handle HTTP traffic that redirects users to the HTTPS web site.

First of all strip out the host headers from your working HTTP virtual web site and change the TCP port.

If you aren't using SSL you can host multiple HTTP virtual web sites on a single IP address by configuring host headers. Because SSL encrypts the whole HTTP request, including the Host header, the server can't tell which site traffic on a shared IP address is destined for, so you are limited to one SSL web site per IP address.

Changing the TCP port is necessary because you shouldn't have multiple virtual web sites on the same IP address and TCP port without host headers. I've chosen TCP port 8888 here at random, although I'll never actually connect to that port (and your firewall probably wouldn't be configured to forward packets to it anyway).

Now create a new Virtual Web Site (navigate to Internet Information Services > %SERVERNAME% > Web Sites, right-click Web Sites and choose New > Web Site).

Create the web site using all of the defaults. For the Description I would use something like SSL redirect for example.com. Now is a good time to add the HTTP Host Header back into your configuration. For the Web Site Home Directory choose the default directory of C:\Inetpub\wwwroot as we are going to change this shortly anyway.

When the new Virtual Web Site has been created, go to its properties and open the Home Directory tab. Choose the option "A redirection to a URL" and enter https://www.example.com/

You could also select "A permanent redirection for this resource" to send an HTTP 302 redirect message to the client, which would update bookmarks etc. Be sure not to select either "The exact URL entered above" or "A directory below the URL entered".

You could also redirect only certain parts of the HTTP site to HTTPS by right-clicking a directory in IIS and configuring the Directory tab to redirect that directory to a URL such as https://www.example.com/subfolder

Method 2: Customise the IIS error page

This method involves modifying the error page that tells you to use SSL for the website, adding a small JavaScript snippet that redirects the browser to the HTTPS site.

Copy the default error page for HTTP 403.4 (Forbidden: SSL required) to a new file.

copy %SYSTEMROOT%\help\iisHelp\common\403-4.htm %SYSTEMROOT%\help\iisHelp\common\403-4-custom.htm

Edit the new file and insert the following code between the </STYLE> and </HEAD> tags near the top of the file:

<script type="text/javascript">
// Take the URL the browser requested (the one that produced the 403.4)
// and swap the scheme at the start of it for https.
var loc = String(window.location);
loc = loc.replace(/^http:/i, "https:");
// Send the browser to the HTTPS version of the same page.
document.location.href = loc;
</script>

This JavaScript reads the URL in the browser window and redirects the browser to the HTTPS version of the site. It isn't bulletproof, however: it does nothing if the browser has JavaScript disabled via NoScript or something similar.
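A stricter version of that redirect script, added here as an example (it is not from the original post): it only fires when the page really was loaded over http:, rebuilds the target with the browser's URL object so the host, path and query survive and any explicit port is dropped, and uses location.replace() so the HTTP page does not stay in the history. It assumes a browser that supports the WHATWG URL object; the names httpsTargetFor and redirectToHttps are my own.

```javascript
// Added example for the custom 403.4 page. Differences from the short
// loc.replace("http", "https") version:
//  - only redirects when the page was loaded over http: (a plain string
//    replace would turn an https: URL into "httpss:")
//  - rebuilds the URL with the URL API, so host, path and query survive
//    and any explicit port (e.g. the 8888 used in Method 1) is dropped
//  - uses location.replace() so the HTTP page is not left in the history
//    (Back would otherwise bounce the user through the redirect again)

// Returns the https: URL for an http: URL, or null if there is nothing to do.
function httpsTargetFor(href) {
  var url = new URL(href);
  if (url.protocol !== "http:") {
    return null;            // already https: (or not http at all): leave alone
  }
  url.protocol = "https:";
  url.port = "";            // use the default 443, not a stale HTTP port
  return url.href;
}

// `win` is window in the browser; it is passed in so a stub can be used
// when testing outside a browser. Returns true if a redirect was issued.
function redirectToHttps(win) {
  var target = httpsTargetFor(win.location.href);
  if (target === null) {
    return false;
  }
  win.location.replace(target);
  return true;
}

// In 403-4-custom.htm this is all that actually runs.
if (typeof window !== "undefined") {
  redirectToHttps(window);
}
```

Paste it in the same place in 403-4-custom.htm, between the </STYLE> and </HEAD> tags, in place of the shorter script.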