[This is preliminary documentation and subject to change]

Enabling Encryption

You can require users to establish an encrypted channel (https:// rather than http://) with your server before accessing a restricted Web site, directory, or file. The use of an encrypted channel, however, requires that the user's Web browser and your Web server both support the encryption scheme used to secure the channel. Specifically, when you enable your Web server's default secure communication settings, you require the user's Web browser to support a session key strength of 40 bits, or greater.

When you set security properties for a specific Web site, you automatically set the same security properties for directories and files belonging to that site, unless the security properties of the individual directories and files have been previously set.
Your Web server will prompt you for permission to reset the properties of individual directories and files when you attempt to set security properties for your Web site. If you choose to reset these properties, your previous security settings will be replaced by the new settings. The same condition applies when you set security properties for a directory containing subdirectories or files with previously set security properties. For more information about setting properties, see the Properties and Inheritance of Properties on Sites section in About Web and FTP Sites.

To enable encryption

Before enabling encryption you must install a valid server certificate. See Using the New Security Task Wizards and Obtaining a Server Certificate for more information.

In the IIS snap-in, select a Web site, directory, or file, and open its property sheets.
If you have not previously created a server key pair and certificate request, select the Directory Security or File Security property sheet, then under Secure Communications, click Server Certificate. The Web Server Certificate Wizard will guide you through the procedures. For more information about the new wizard, see Using the New Security Task Wizards.
If you have previously created a server key pair and certificate request, select the Directory Security or File Security property sheet, then under Secure Communications, click Edit.
In the Secure Communications dialog box, select the Require secure channel (SSL) check box.
Instruct users to establish a secure HTTPS connection with your Web content (that is, the URL for the restricted Web site should start with https:// rather than http:// ).
Notes
- To maintain the performance level of your Web server, consider using SSL encryption only for sensitive information, such as financial transactions. Encrypted transmissions can significantly reduce transmission rates and server performance.
- Users can still establish an encrypted channel (https://) even if the Require secure channel (SSL) check box is not selected. If you want to require the user to establish a secure channel, select the Require secure channel (SSL) check box.