Wise-Old-Blogger.com
How To Set Up an HTTPS Service in IIS
Source: MS Knowledge Base
This article was previously published under Q324069
SUMMARY
HTTPS is a secure communications channel that is used to exchange information between a client computer and a server. It uses Secure Sockets Layer (SSL). This article describes how to configure the SSL/HTTPS service in Internet Information Services (IIS) and compares this process to the similar process in Apache.
Configuring Your Web Server for SSL
To enable SSL in IIS, you must first obtain a certificate that is used to encrypt and decrypt the information that is transferred over the network. IIS includes its own certificate request tool that you can use to send a certificate request to a certification authority. This tool simplifies the process of obtaining a certificate. If you use Apache, you must obtain the certificate manually.
In both IIS and Apache, you receive a certificate file from the certification authority, which you must configure on the computer. Apache reads the certificate from its source file by using the SSLCACertificateFile directive. However, in IIS, you can configure and manage certificates by using the Directory Security tab of the Web site or folder properties.
You can migrate certificates from Apache to IIS; however, Microsoft recommends that you re-create or obtain a new certificate for IIS.
Configure Folder or Web Site to Use SSL/HTTPS
This procedure assumes that your site already has a certificate assigned to it.
- Log on to the Web server computer as an administrator.
- Click Start, point to Settings, and then click Control Panel.
- Double-click Administrative Tools, and then double-click Internet Services Manager.
- Select the Web site from the list of different served sites in the left pane.
- Right-click the Web site, folder, or file for which you want to configure SSL communication, and then click Properties.
- Click the Directory Security tab.
- Click Edit.
- Click Require secure-channel (SSL) if you want the Web site, folder, or file to require SSL communications.
- Click Require 128-bit encryption to configure 128-bit (instead of 40-bit) encryption support.
- To allow users to connect without supplying their own certificate, click Ignore client certificates. Alternatively, to allow a user to supply their own certificate, use Accept client certificates.
- To configure client mapping, click Enable client certificate mapping, and then click Edit to map client certificates to users.
  If you configure this functionality, you can map client certificates to individual users in Active Directory. You can use this functionality to automatically identify a user according to the certificate they supplied when they access the Web site. You can map users to certificates on a one-to-one basis (one certificate identifies one user) or you can map many certificates to one user (a list of certificates is matched against a specific user according to specific rules. The first valid match becomes the mapping).
- Click OK.
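The options chosen in this procedure can be checked afterwards from exported configuration values rather than by reopening each properties dialog. The Python below is an added example, not part of the Knowledge Base article; it assumes the settings are stored as bits of the IIS metabase property AccessSSLFlags (a name the article does not use), and the paths and values in SAMPLE are constructed.

```python
# Bit values of the IIS metabase property AccessSSLFlags. The article never
# names this property; pairing each bit with a dialog option is an assumption.
ACCESS_SSL = 0x008                 # Require secure channel (SSL)
ACCESS_SSL_NEGOTIATE_CERT = 0x020  # Accept client certificates
ACCESS_SSL_REQUIRE_CERT = 0x040    # Require client certificates
ACCESS_SSL_MAP_CERT = 0x080        # Enable client certificate mapping
ACCESS_SSL_128 = 0x100             # Require 128-bit encryption

OPTIONS = {
    ACCESS_SSL: "Require secure channel (SSL)",
    ACCESS_SSL_NEGOTIATE_CERT: "Accept client certificates",
    ACCESS_SSL_REQUIRE_CERT: "Require client certificates",
    ACCESS_SSL_MAP_CERT: "Enable client certificate mapping",
    ACCESS_SSL_128: "Require 128-bit encryption",
}

def decode(flags):
    """Return the dialog options that are switched on in a flags value."""
    return [name for bit, name in OPTIONS.items() if flags & bit]

def audit(flags):
    """Return findings for one site, folder, or file; empty means none."""
    findings = []
    if not flags & ACCESS_SSL:
        findings.append("SSL not required: plain HTTP requests are served")
    elif not flags & ACCESS_SSL_128:
        findings.append("128-bit encryption not required: 40-bit sessions are accepted")
    wants_cert = flags & (ACCESS_SSL_NEGOTIATE_CERT | ACCESS_SSL_REQUIRE_CERT)
    if flags & ACCESS_SSL_MAP_CERT and not wants_cert:
        findings.append("mapping enabled but client certificates are ignored")
    return findings

# Constructed sample: metabase paths and flag values invented for illustration.
SAMPLE = {
    "/LM/W3SVC/1/Root": 0x000,
    "/LM/W3SVC/1/Root/shop": 0x008,
    "/LM/W3SVC/1/Root/admin": 0x188,
    "/LM/W3SVC/1/Root/payroll": 0x1A8,
}

def audit_all(entries):
    """Map each path to its findings, keeping only paths that have any."""
    results = {path: audit(flags) for path, flags in entries.items()}
    return {path: found for path, found in results.items() if found}

if __name__ == "__main__":
    for path, found in audit_all(SAMPLE).items():
        print(path, decode(SAMPLE[path]), found)
```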
TROUBLESHOOTING
MS Knowledge Base Article Q310731
REFERENCES
For additional information about how to set other preferences for log files in IIS, click the article number below to view the article in the Microsoft Knowledge Base:
310178 How To Install Imported Certificates on a Web Server in Windows 2000
For additional information about securing IIS for a migration from UNIX to Windows, click the article number below to view the article in the Microsoft Knowledge Base:
324216 How To Secure IIS in a UNIX-to-Windows Migration
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
- Microsoft Small Business Server 2000
- Microsoft Internet Information Services 5.0