Setting Up SSL on Your Server

You can configure your Web server's Secure Sockets Layer (SSL) security features to guarantee the integrity of your content, verify the identity of users, and encrypt network transmissions. For more information, see About Security.

Note   Your Web server also supports the Private Communication Technology (PCT) 1.0 protocol for secure communications.

1. Your Web server requires a valid server certificate to establish SSL secure communications. Use the Key Manager utility to generate a certificate request file (NewKeyRq.txt, by default) and to create an encryption key pair file. For more information, see Creating and Managing Server Key Pairs. If your are not using Microsoft® Certificate Server 1.0 to issue your own server certificates, then a third-party certificate authority must approve your request and issue your server certificate. You can either forward your request file to the authority, or use Key Manager to deliver the request to an online authority. For more information see Obtaining a Server Certificate.

Note    Depending on the level of identification assurance offered by your server certificate, you can expect to wait anywhere from several days to several months for the certificate authority to approve your request and send you a certificate file.


2. After you receive a server certificate file, use Key Manager to install your server certificate file. The installation process attaches, or binds, your encryption key pair to the server certificate. See the Creating and Managing Server Key Pairs section for detailed information..
3. In Internet Service Manager, select the Web site that you want to protect with SSL and open its property sheets. On the Web Site property sheet, under Web Site Identification select Advanced.
4. In the Advanced Multiple Web Site Configuration dialog box, under Multiple SSL identities of this Web Site, make sure that the Web site IP address is assigned to port 443, the default port for secure communications.
5. On the Directory Security or File Security property sheet, under Secure Communications, click Edit (Notice that this button previously connected you to Key Manager; creating a key pair, changes the button so that it opens the Secure Communications dialog box).
6. On the Secure Communications dialog box, configure your Web server to require a secure channel. If you require 128-bit key encryption, make sure your users' Web browsers support 128-bit encryption. For more information, see Encryption.

Note   Due to export restrictions, the 128-bit key strength encryption feature is available only in the United States and Canada. For information about upgrading to 128-bit encryption capability, available with the Windows NT Server North American Service Pack 2.0, visit the Windows NT Server support Web site at http://www.microsoft.com/NTServerSupport/.


7. On the Directory Security or File Security property sheet, under Secure Communications, click Edit. On the Secure Communications dialog box, you have the option of enabling your Web server's SSL client certificate authentication and mapping features. See the following:
• Enabling Client Certificates
• Mapping Client Certificates to User Accounts

© 1997 by Microsoft Corporation. All rights reserved.