Internet Information Services now comes with three new security task wizards that simplify most of the security tasks necessary to maintain a secure Web site. You can use the Web Server Certificate Wizard to manage Secure Sockets Layer (SSL) features in IIS and server certificates. Certificates are used in negotiating a secure link between your server and a user's browser. You can use the CTL Wizard to manage certificate trust lists (CTLs). Certificate trust lists are lists of trusted certification authorities for each Web site or virtual directory. You can use the Permissions Wizard to assign Web and NTFS access permissions to Web sites, virtual directories, and files on your server.
The Certificate, CTL, and Permissions wizards perform many of the tasks formerly done in the Internet Information Services snap-in. With the exception of the Permissions Wizard, these functionalities are no longer accessible in the Internet Information Services
Obtaining, configuring, and renewing server certificates can now all be done through one interface in the Web Server Certificate Wizard. The wizard can detect whether a server certificate has already been installed and whether it is about to expire. You can use the wizard to replace the server certificate with another one from a certification authority (CA), from an online CA, such as Microsoft Certificate Services, or from a file previously obtained in Key Manager. You can also use the wizard to reassign a certificate from one Web site to another and to view certificates.
Note: Online requests for server certificates can only be made to Enterprise Certificate Services. The IIS Web Server Certificate Wizard will not recognize a stand-alone Certificate Services on the same machine. Use the offline certificate request to save the request to a file, and then process it as an offline request (see the Certificate Services documentation). Online enrollment using local Enterprise Certificate Services is not affected.
Note: If you are not using an online certification authority, you will need to save the request file generated by the Web Server Certificate Wizard to disk and send it to the CA. When the response is received, you can start the wizard again and it will resume where it left off. If you are replacing a certificate, IIS will continue to use the old certificate until the new request is completed. For a list of certification authorities supporting Internet Information Services, see Obtaining a Server Certificate.
You can use the CTL Wizard to create and configure certificate trust lists (CTLs). A CTL is a list of trusted certification authorities (CAs) for a particular Web site. By configuring your CTL, you can accept certificates issued by one CA while rejecting those issued by another. CTLs are especially useful for Internet Service Providers (ISPs) who have several Web sites on their server and who need to have a different list of approved certification authorities for each site. CTLs are available only at the Web site level and are not available for FTP sites.
The Permissions Wizard takes a scenario-driven approach to setting up Web and FTP permissions, NTFS access permissions, and authentication schemes. Rather than setting each area with a separate user interface, you select the scenario that most closely resembles your site's needs and the wizard sets all of the access permissions and authentication schemes for you. One of the great advantages of this is that the wizard will ensure that Web (or FTP) and NTFS permissions are properly coordinated and that the correct authentication scheme is used. All of the settings can still be changed in the IIS snap-in. The scenarios are:
To access the Web Server Certificate Wizard and the CTL Wizard from the Internet Information Services snap-in:
To access the Permissions Wizard from the Internet Information Services snap-in:
Note: Use the following guidelines when assigning IP addresses, Web sites, and SSL ports to your server certificates: