You can require users to establish an encrypted channel with your server before accessing a restricted Web site, directory, or file. The use of an encrypted channel, however, requires that the user's Web browser and your Web server both support the encryption scheme used to secure the channel. Specifically, when you enable your Web server's default secure communication settings, you require the user's Web browser to support a session key strength of 40-bits, or greater.
Important
- When you set security properties for a specific Web site, you automatically set the same security properties for directories and files belonging to that site, unless the security properties of the individual directories and files have been previously set.
- Your Web server will prompt you for permission to reset the properties of individual directories and files when you attempt to set security properties for your Web site. If you choose to reset these properties, your previous security settings will be replaced by the new settings. The same condition applies when you set security properties for a directory containing subdirectories or files with previously set security properties. For more information about setting properties, see the Properties and Inheritance of Properties on Sites section in About Web Sites.
To enable encryption
Note You cannot establish secure, encrypted communications unless you have installed a valid server certificate. See Creating and Managing Key Pairs and Obtaining a Server Certificate for more information.
- In Internet Service Manager, select a Web site, directory, or file, and open its property sheets.
- If you have not previously created a server key pair and certificate request, select the Directory Security or File Security property sheet, under Secure Communications, click Key Manager. For procedural information about using Key Manager, see Creating and Managing Server Key Pairs.
- If you have previously created a server key pair and certificate request, select the Directory Security or File Security property sheet, under Secure Communications, click Edit.
- In the Secure Communications dialog box, select the Require Secure Channel when accessing this resource check box.
- Instruct users to establish a secure HTTPS connection with your Web content (that is, the URL for the restricted Web site should start with https:// rather than http:// ).
Note To maintain the performance level of your Web server, consider using SSL encryption only for sensitive information, such as financial transactions. Encrypted transmissions can significantly reduce transmission rates and server performance.
© 1997 by Microsoft Corporation. All rights reserved.