You can configure your Web server's Secure Sockets Layer (SSL) security features to verify the integrity of your content, verify the identity of users, and encrypt network transmissions.
- Your Web server requires a valid server certificate to establish SSL communications. Use the Web Server Certificate Wizard to either generate a certificate request file (NewKeyRq.txt, by default) that you can send to a certification authority, or to generate a request for an online certification authority, such as Microsoft Certificate Services. For more information, see Using the New Security Task Wizards.
If you are not using Microsoft® Certificate Services 2.0 to issue your own server certificates, then a third-party certification authority must approve your request and issue your server certificate. For more information see Obtaining a Server Certificate.
Note Depending on the level of identification assurance offered by your server certificate, you can expect to wait anywhere from several days to several months for the certification authority to approve your request and send you a certificate file.
- After you receive a server certificate file, use the wizard to install your server certificate file. The installation process attaches, or binds, your certificate to a Web site.
Note You can have only one server certificate per Web site.
- In the Internet Information Services snap-in, select the Web site that you want to protect with SSL and open its property sheets. On the Web Site property sheet, under Web Site Identification select Advanced.
- In the Advanced Multiple Web Site Configuration dialog box, under Multiple SSL identities of this Web Site, make sure that the Web site IP address is assigned to port 443, the default port for secure communications.
You can have multiple SSL ports per Web site. To configure more SSL ports, click Add under Multiple SSL identities of this Web Site.
- On the Directory Security or File Security property sheet, under Secure Communications, click Edit.
- On the Secure Communications dialog box, configure your Web server to require a secure channel. If you require 128-bit key encryption, make sure your users' Web browsers support 128-bit encryption. For more information, see Encryption.
Note Due to export restrictions, the 128-bit key strength encryption feature is available only in the United States and Canada. For information about upgrading to 128-bit encryption capability, visit the Windows 2000 Server support Web site at http://support.microsoft.com/support/.
- Under Secure Communications, click Edit. You have the option of enabling your Web server's SSL client certificate authentication and mapping features. See the following: