Import SSL, Auto redirect http to https, Custom Error Page lock violation

Import SSL in IIS 7

For importing SSL certificate, the certificate should have in PKCS #12 format (.pfx). If you have SSL certificate, its not in PKCS #12 format and you have Certificate and Private key you can generate the .PFX SSL certificate using OPENSSL tool or online by click here.

Once the .PFX certificate generated, go to IIS Manager by type ‘inetmgr’ in windows run. Select main not in left pane. And double click on “server certificates” from the middle pane. Then click on ‘import’ from the right pane. A dialog box will open select the SSL certificate which you have generated in .PFX format and enter the password which you had given at the time of generating the PFX certificate. Click on Ok button. Now, you can assign the certificate to your domain, using Binding.

Auto redirect http to https in IIS 7
Method 1 – Using Microsoft URL Rewrite Module

For this method of redirecting from HTTP to HTTPS, you will need to do the following;

1. Install the Microsoft URL Rewrite Module
2. Install your SSL certificate in IIS 7 and bind it to your website
3. Make sure Require SSL is NOT checked under SSL Settings for your website
4. Copy and paste the following code between the and tags in your web.config file in your website root directory.

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
      <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />

5. Test the site by going to and making sure it redirects

Method 2 – Setting up a Custom Error Page
The second method of setting up an IIS7 redirect HTTP to HTTPS is to Require SSL on the site or part of the site and set up a custom 403.4 error page. To do this, just following these steps:

1. Install your SSL certificate in IIS 7 and bind it to your website
2. In IIS, click on the site name, and go to the SSL Settings section
3. Check Require SSL checked under SSL settings of your website
4. After doing this, users will normally receive this error 403.
5. Create a new text file and paste the following into it:

<script language="JavaScript">
function redirectHttpToHttps()
    var httpURL= window.location.hostname + window.location.pathname +;
    var httpsURL= "https://" + httpURL;
    window.location = httpsURL;

6. Save the file as redirectToHttps.htm in your C:\Inetpub directory
7. Back in IIS, click on the site name and double-click the Error Pages option
8. Click Add… and enter 403.4 as the Status code. Browse for the redirectToHttps.htm file you just created and click OK
9. Select the error code and press Edit Feature Settings…
10. Click the Custom error pages option and again browse for the redirectToHttps.htm file
11. Test the site by going to and making sure it redirects

Custom Error Page lock violation

If your IIS 7 web server doesn’t already have it, install the IIS 7.0 Administration Pack from Microsoft.

Navigate to the root web server name in IIS, and open the Configuration Editor (part of the Administration Pack). Change the dropdown to system.webServer/httpErrors, right-click on defaultPath, and choose ‘defaultPath’ Attribute -> Unlock Attribute.

Then try to change the custom error handler page again. Navigate to your site, open Error Pages under the IIS group, click Edit Feature Settings on the right, select Custom error pages and finally, put in your path for the default page.

The Manual Way

I know you can accomplish all this by direct editing in notepad of the appropriate config file on the web server. And that may be required for your particular web hosting environment or company production web server change protocols. But why make it complicated if it doesn’t need to be? Plus, this way you can do it in the GUI, and compare the before and after to see what changes you truly have to make. But if you MUST do it manually, then:

Open the file %windir%\System32\inetsrv\config\applicationHost.config in Notepad. Run Notepad as administrator if you’re having problems.

You’ll see something like this:

<httpErrors lockAttributes="allowAbsolutePathsWhenDelegated,defaultPath">

Remove the ,defaultPath section and save.

You will be able to make the changes you need.