[This is preliminary documentation and subject to change]

Setting Up SSL on Your Server

You can configure your Web server's Secure Sockets Layer (SSL) security features to verify the integrity of your content, verify the identity of users, and encrypt network transmissions.

To set up SSL on your Web server
  1. Your Web server requires a valid server certificate to establish SSL communications. Use the Web Server Certificate Wizard to either generate a certificate request file (NewKeyRq.txt, by default) that you can send to a certification authority, or to generate a request for an online certification authority, such as Microsoft Certificate Services. For more information, see Using the New Security Task Wizards.

    If you are not using Microsoft® Certificate Services 2.0 to issue your own server certificates, then a third-party certification authority must approve your request and issue your server certificate. For more information see Obtaining a Server Certificate.

    note Note    Depending on the level of identification assurance offered by your server certificate, you can expect to wait anywhere from several days to several months for the certification authority to approve your request and send you a certificate file.

  2. After you receive a server certificate file, use the wizard to install your server certificate file. The installation process attaches, or binds, your certificate to a Web site.

    note Note    You can have only one server certificate per Web site.

  3. In the IIS snap-in, select the Web site that you want to protect with SSL and open its property sheets. On the Web Site property sheet, under Web Site Identification select Advanced.
  4. In the Advanced Multiple Web Site Configuration dialog box, under Multiple SSL identities of this Web Site, make sure that the Web site IP address is assigned to port 443, the default port for secure communications.

    You can have multiple SSL ports per Web site. To configure more SSL ports, click Add under Multiple SSL identities of this Web Site.

  5. On the Directory Security or File Security property sheet, under Secure Communications, click Edit.
  6. On the Secure Communications dialog box, configure your Web server to require a secure channel. If you require 128-bit key encryption, make sure your users' Web browsers support 128-bit encryption. For more information, see Encryption.

    note Note    For information about upgrading to 128-bit encryption capability, visit the Microsoft Product Support Services Web site.

  7. Under Secure Communications, click Edit. You have the option of enabling your Web server's SSL client certificate authentication and mapping features. See the following:

© 1997-2001 Microsoft Corporation. All rights reserved.