Windows 2000 IIS 5
Issue and download a certificate
To issue a certificate in Certificate Server, follow these steps:
- Open the CA MMC snap-in. To do this, click Start, point to Programs, point to Administrative Tools, and then click Certificate Authority.
- In IIS 5.0, expand Certificate Authority and click the Pending Requests folder. Your pending certificate requests appear in the right pane. In IIS 6.0, expand the server name.
- Right-click the pending certificate request that you just submitted, select All Tasks, and then click Issue.
Note After you select Issue, the certificate is no longer displayed in this window and folder. It now resides in the Issued Certificate folder. - After you have issued (and authorized) the certificate, you can return to the Certificate Servers Web interface to select and download the certificate. To do this, follow these steps:
- Browse to http://YourWebServerName/CertSrv/.
- On the default page, select Check on a pending certificate and click Next. In IIS 6.0, click View the status of a pending certificate request.
- Select your pending certificate, then click Next to go to the download page.
- On the download page, click Download CA Certificate (do not click Download CA Certificate path or Download certificate chain).
- When you are prompted, select Save this file to disk and save the certificate to your desktop or another location that you will remember.
Install the certificate and set up an SSL Web site
To install the certificate, follow these steps:
- Open the Internet Services Manager and expand the server name so that you can view the Web sites.
- Right-click the Web site for which you created the certificate request and click Properties.
- Click the Directory Security tab. Under Secure Communications, click Server Certificate. This starts the Certificate Installation Wizard. Click Next to continue.
- Select Process the pending request and install the certificate and click Next.
- Type the location of the certificate that you downloaded in the \"Issue and download a certificate\" section, then click Next. The Wizard displays the Certificate Summary. Verify that the information is correct, then click Next to continue.
- Click Finish to complete the process.
Configure and test the certificate
To configure and test the certificate, follow these steps:
- On the Directory Security tab, under Secure Communications, note that there are now three available options. To set the Web site to require secure connections, click Edit. The Secure Communications dialog box appears.
- Select Require Secure Channel (SSL) and click OK.
- Click Apply and then OK to close the property sheet.
- Browse to the site and verify that it works. To do this, follow these steps:
- Access the site through HTTP by typing http://localhost/Postinfo.html in the browser. You receive an error message that resembles the following:
HTTP 403.4 - Forbidden: SSL required.
- Try to browse to the same Web page using a secured connection (HTTPS) by typing https://localhost/postinfo.html in the browser. You may receive a security alert that states that the certificate is not from a trusted root CA. Click Yes to continue to the Web page. If the page appears, you have successfully installed your certificate.
Troubleshooting
- The use of SSL slows performance between HTTP servers and browsers. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
150031 (http://support.microsoft.com/kb/150031/ )
Use of SSL creates performance overhead for browsers
- When you use Microsoft Visual InterDev version 6.0 to author Web sites with SSL, there are several issues and limitations to consider. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
238662 (http://support.microsoft.com/kb/238662/ )
Using Visual InterDev and Secure Sockets Layer
- This article discusses server certificates only. A server certificate enables users to authenticate your server, check the validity of Web content, and establish a secure connection. If you also intend to authenticate users who browse to your Web site, you may consider using client certificates. A typical client certificate contains several items of information: the identity of the user, the identity of the certification authority, a public key that is used for establishing secure communications, and validation information, such as an expiration date and serial number.