Redirect from https to http when the SSL cert is no longer valid

Question

I have an IIS 6.0 server and I\'m no longer using an SSL certificate (Don\'t need it anymore because of some functional changes, don\'t have a valid one I can use). Is ther

Answer 1

No, you can't.

Redirections from HTTPS to HTTP happen after the initial HTTPS request has been made, and this request expects a valid certificate to be used. If what you'd like to do was possible, downgrade MITM attacks would be far too easy to perform.

Perhaps turning off port 443 completely might make your users try plain HTTP too, although they really should consider this to be a potential attack if they don't know your site.