How To: Set Up SSL on a Web Server

zhaozj  2021-02-16

Secure Sockets Layer (SSL) is an encryption technology that provides authentication, confidentiality, and data integrity. SSL is most commonly used to establish secure communication channels between web browsers and web servers. It can also be used between client applications and web services.

Requirements

The following items describe the recommended hardware, software, network infrastructure, skills, knowledge, and service packs you need.

● Microsoft® Windows® 2000 Server operating system (Service Pack 2)

● Microsoft Certificate Services (required if you need to generate your own certificates)

The procedures in this How To also require some knowledge of IIS configuration.

Summary

This How To includes the following procedures:

1. Generate a certificate request

2. Submit a certificate request

3. Issue the certificate

4. Install the certificate on the web server

5. Configure resources to require SSL access

1. Generate a certificate request

This procedure creates a new certificate request that can be sent to a certificate authority (CA) for processing. If successful, the CA sends you back a file containing a validated certificate.

To generate a certificate request

1. Start the IIS Microsoft Management Console (MMC) snap-in.

2. Expand the web server name and select the Web site for which you want to install the certificate.

3. Right-click the Web site, and then click Properties.

4. Click the Directory Security tab.

5. Click the Server Certificate button under "Secure communications" to launch the Web Server Certificate Wizard.

Note: If Server Certificate is unavailable, you probably selected a virtual directory, directory, or file. Go back to step 2 and select a Web site.

6. Click Next to move past the Welcome dialog box.

7. Click "Create a new certificate", and then click Next.

8. This dialog box has two options:

● "Prepare the request now, but send it later"

This option is always available.

● "Send the request immediately to an online certification authority"

This option is available only if the web server can access one or more Microsoft Certificate servers in a Windows 2000 domain that are configured to issue Web server certificates. Later in the request process, you can select from a list the authority to send the request to.

Click "Prepare the request now, but send it later", and then click Next.

9. Type a descriptive name for the certificate in the Name field, type the bit length of the key in the "Bit length" field, and then click Next.

The wizard uses the current Web site name as the default name. It is not used in the certificate, but serves as a friendly name to help administrators.

10. Type an organization name (for example, Contoso) in the Organization field, type an organizational unit (for example, "Sales Department") in the Organizational unit field, and then click Next.

Note: This information is placed in the certificate request, so make sure it is accurate. The CA verifies this information and puts it in the certificate. Users browsing your Web site will want to see this information in order to decide whether to accept the certificate.

11. In the Common name field, type your site's common name, and then click Next.

Important: The common name is one of the most important pieces of information in the certificate. It is the DNS name of the Web site (that is, the name users type when browsing to your site). If the certificate name does not match the site name, a certificate problem is reported when users browse to your site.

If your site is on the web and is named www.contoso.com, this is the common name you should specify.

If your site is an internal site and users browse to it by computer name, enter the computer's NetBIOS or DNS name.

12. Enter the appropriate information in the Country/Region, State/province, and City/locality fields, and then click Next.

13. Enter a file name for the certificate request.

This file contains information similar to the following.

-----BEGIN NEW CERTIFICATE REQUEST-----

MIIDZJCCAS8CAQAWGYOXNJA0BGNVBAMTLW1PENJVY2TSYXB0B3AUBM9YDGHHBWVY ...

-----END NEW CERTIFICATE REQUEST-----

This is the Base64 encoded representation of your certificate request. The request contains the information entered in the wizard, and also includes your public key and information signed with your private key.

This request file is sent to the CA. The CA then uses the public key information in the certificate request to verify the information signed with your private key. The CA also verifies the information supplied in the request.

After you submit the request to the CA, the CA sends back a certificate in a file. You then restart the Web Server Certificate Wizard.

14. Click Next. The wizard displays a summary of the information contained in the certificate request.

15. Click Next, and then click Finish to complete the request process.

The certificate request can now be sent to a CA for verification and processing. After you receive a certificate response from the CA, you can use the IIS Certificate Wizard again to install the certificate on the web server.
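
The request file can be inspected before it goes to the CA. The script below is an added example, not part of the original procedure: it assumes OpenSSL on an administrative workstation, builds a throwaway request with the sample subject used above, and runs the checks described in this section (self-signature, common name against the site name, key length). The file names, the country, state, and city values, and the 2048-bit minimum are assumptions; OpenSSL also reads the "NEW CERTIFICATE REQUEST" header that IIS writes.

```shell
#!/bin/sh
# Added example, not from the original how-to. File names, the locality values
# and the 2048-bit minimum are assumptions chosen for illustration.

# make_csr DIR CN: write DIR/site.key and DIR/certreq.txt (PEM PKCS #10).
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/site.key" -out "$1/certreq.txt" \
        -subj "/C=US/ST=Washington/L=Redmond/O=Contoso/OU=Sales Department/CN=$2" \
        2>/dev/null
}

# csr_signature_ok FILE: succeed only if the request is signed by the private
# key matching the public key it carries (the check the CA performs).
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# csr_cn FILE: print the subject common name.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

# csr_bits FILE: print the public key length in bits.
csr_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# csr_check FILE SITE_NAME MIN_BITS: run all three checks. Names are compared
# case-insensitively, as DNS names are.
csr_check() {
    csr_signature_ok "$1" || { echo "self-signature does not verify" >&2; return 1; }
    cn=$(csr_cn "$1" | tr '[:upper:]' '[:lower:]')
    site=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ "$cn" = "$site" ] || { echo "CN '$cn' does not match '$site'" >&2; return 1; }
    bits=$(csr_bits "$1")
    [ "${bits:-0}" -ge "$3" ] || { echo "key is ${bits:-0} bits, need $3" >&2; return 1; }
}

# Demo on a constructed request for the page's sample site name.
tmp=$(mktemp -d)
make_csr "$tmp" www.contoso.com &&
    csr_check "$tmp/certreq.txt" www.contoso.com 2048 &&
    echo "certreq.txt: signature, common name and key length OK"
rm -rf "$tmp"
```

To check a request written by the IIS wizard, call csr_check with that file, the name users type to reach the site, and the minimum key length you accept.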

2. Submit a certificate request

This procedure uses Microsoft Certificate Services to submit the certificate request generated in the previous procedure.

To submit a certificate request

1. Use Notepad to open the certificate request file generated in the previous procedure, and copy its entire contents to the clipboard.

2. Start Internet Explorer and navigate to http://hostname/CertSrv, where hostname is the name of the computer running Microsoft Certificate Services.

3. Click "Request a Certificate", and then click Next.

4. On the Choose Request Type page, click Advanced request, and then click Next.

5. On the Advanced Certificate Requests page, click "Submit a certificate request using a base64 encoded PKCS #10 file", and then click Next.

6. On the "Submit a Saved Request" page, click in the "Base64 Encoded Certificate Request (PKCS #10 or #7)" text box and press CTRL+V to paste the certificate request you copied to the clipboard earlier.

7. In the Certificate Template combo box, click Web Server.

8. Click Submit.

9. Close Internet Explorer.

3. Issue the certificate

To issue the certificate

1. Start the Certification Authority tool from the Administrative Tools program group.

2. Expand your certificate authority and select the "Pending Requests" folder.

3. Select the certificate request you just submitted.

4. On the Action menu, point to All Tasks, and then click Issue.

5. Confirm that the certificate is displayed in the "Issued Certificates" folder, and then double-click it to view it.

6. On the Details tab, click Copy to File, and save the certificate as a Base-64 encoded X.509 certificate.

7. Close the properties window for the certificate.

8. Close the Certification Authority tool.

4. Install the certificate on the web server

This procedure installs the certificate issued in the previous procedure on the web server.

To install the certificate on the web server

1. Start Internet Information Services if it is not already running.

2. Expand your server name and select the Web site for which you want to install the certificate.

3. Right-click the Web site, and then click Properties.

4. Click the Directory Security tab.

5. Click Server Certificate to launch the Web Server Certificate Wizard.

6. Click "Process the pending request and install the certificate", and then click Next.

7. Enter the path and file name of the file containing the CA response, and then click Next.

8. Examine the certificate overview, click Next, and then click Finish.

The certificate is now installed on the web server.

5. Configure resources to require SSL access

This procedure uses Internet Services Manager to configure a virtual directory to require SSL for access. You can require SSL for specific files, directories, or virtual directories. Clients must use the HTTPS protocol to access any such resource.

To configure resources to require SSL access

1. Start Internet Information Services if it is not already running.

2. Expand your server name and Web site. (This must be a Web site that has an installed certificate.)

3. Right-click a virtual directory, and then click Properties.

4. Click the Directory Security tab.

5. Under "Secure communications", click Edit.

6. Click "Require secure channel (SSL)".

Clients browsing to this virtual directory must now use HTTPS.

7. Click OK, and then click OK again to close the Properties dialog box.

8. Close Internet Information Services.
