Using Certificate Trust Lists

You can configure your computer to accept certificates from a predefined list of certification authorities (CAs). You can automatically verify client certificates against your CTL. You can use the CTL Wizard to create and edit CTLs and to add new root certificates to your CTLs.

For example, an intranet administrator might create a list of trusted certification authorities for the department's Web site on an intranet, in the form of a CTL. IIS would accept only certificates from certification authorities on the department's CTL. When the members of that department logged on with a client certificate from a CA on the department's CTL, they would be automatically authenticated.

Notes

• The most commonly used CA root certificates are already installed by IIS.
• CTLs can be applied only at the Web site level, and not for virtual directories or files.
• CTLs are not available on FTP sites.

1. Log on to your computer by using the Administrator account.

Important   You must log on with the Administrator account for the following procedure. Other accounts belonging to the Windows Administrators group cannot be used.

2. In the Internet Information Services snap-in, open the Web site's property sheets.
3. On the Directory Security property sheet, under Secure Communications, click Edit.

Note   The Edit button is enabled only if a server certificate has been attached, or bound, to the site. For information about obtaining and installing a server certificate, see Using the New Security Task Wizards.

4. In the Secure Communications dialog box, select the Enable certificate trust lists check box, and click New. The CTL Wizard will guide you through the process of creating a CTL.

1. Log on to your computer using the Administrator account.
2. In the Internet Information Services snap-in, open the Web site's property sheets.
3. On the Directory Security property sheet, under Secure Communications, click Edit.
4. In the Secure Communications dialog box, select the CTL you want to modify and click Edit. The CTL Wizard will begin and guide you through the process of modifying a CTL.

Note   If you are using Microsoft Certificate Services 2.0 to issue certificates, you must also install a root certificate. For more information, see the Microsoft Certificate Services documentation.

© 1997-1999 Microsoft Corporation. All rights reserved.