why no 403;4 error in IIS6 when user connects to SSL-secured site using plain HTTP

I was under the impression that if a user attempted to visit a website that had been secured with an SSL certificate, but did not use HTTPS and instead used plain HTTP in the address box, a 403;4 error would be generated, and that an errormessage something like this would be presented:

"This page must be viewed over a secure channel" "The page you are trying to access is secured with Secure Sockets Layer (SSL)."

But that's not happening on our website. You can use http://secure.oursite.com or https://secure.oursite.com and both work fine.

The company that issued the SSL certificate says our certifica开发者_如何学Cte checks out OK in their certificate checking tool and that it's "chaining properly" and that this is an IIS configuration issue.

Does this SSL over HTTP error checking have to be explicitly enabled?

I was planning on creating a custom error for the 403;4 condition, pointing to a file, which redirects to https://secure.oursite.com. But the error condition is not being trapped by IIS.

EDIT: I've stopped and restarted the server. Not solved.

Thanks

As per this article have you checked the "Require secure channel (SSL)" box in the properties for your site? This is what triggers the error. You can then create the redirect using a custom error page.

a 403;4 error would be generated

That's not what happens in my site. My site automatically redirects to the HTTPS port. It's done free of charge by Tomcat.