Re: Newbie Security Question
- From: "Chris" <nospam@xxxxxxxxxx>
- Date: Sat, 2 Dec 2006 00:08:41 -0000
Thanks very much, I'll have a go. Regards.
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uuQWm$ZFHHA.1804@xxxxxxxxxxxxxxxxxxxxxxx
I actually don't know of any good books for doing IIS admin as I've never
read one, but it is pretty easy to figure this stuff out.
First, you need to configure the website itself with your SSL cert. That
is done by bringing up the properties for the web site and clicking the
server certificate button. Follow the wizard to request a new cert or use
one you already installed.
Then, once you create a virtual directory under the website, you can go
into the directory security tab and click "edit" under the secure
communications section and then change the options to "require secure
channel" and then change the radio button to "require client certificate".
HTH,
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Chris" <nospam@xxxxxxxxxx> wrote in message
news:%23kP8YQZFHHA.928@xxxxxxxxxxxxxxxxxxxxxxx
Do you know of any good books or websites that will talk you through the
basics of securing the Virtual Directory, as I am new to this? I want to
go down the virtual directory as we host servers on different sites so
Windows authentication mightn't work, not with our network, I don't think.
Particularly, what are the general steps to changing SSL policy to a
virtual directory level? Regards.
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uKjVojYFHHA.1280@xxxxxxxxxxxxxxxxxxxxxxx
You can change the SSL policy to use SSL and require a client
certificate at the virtual directory level, so that should work.
Regarding certs, basically you can use whatever you can get both the
servers and clients to trust, so if you can put the appropriate root CAs
in each of the machine's trusted roots store, you'll be ok. The
commercial CA is the easiest way to do this and is the only really
viable approach for use with the general public, but you have more
flexibility than that.
Depending on your needs, you might also just use Windows authentication
on those directories. Client certificates can be a bit of a pain from a
deployment standpoint.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Chris" <nospam@xxxxxxxxxx> wrote in message
news:%23susH4XFHHA.2464@xxxxxxxxxxxxxxxxxxxxxxx
I want to lock down three or four pages of an otherwise publicly accessible
web app. You have to log in, but providing you have the right username and
password you have access. These 3 or 4 pages should only be accessed
from certain webservers and of course the hosting server. I was thinking
of using client certificates but I don't want to make the whole site
require them, just the one directory. Can I make a virtual directory or
a subdomain require a client certificate for access? Preferably a
virtual directory. Also, do I have to buy a certificate from a CA? I read
somewhere you can create your own internal ones as these machines are
all hosted by us. Regards.
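
The steps Joe describes in the IIS Manager dialogs can also be scripted and then checked. The following is an added example, not part of the original thread or written by its participants. It assumes IIS 7 or later with the WebAdministration module, and the site name `Default Web Site` and virtual directory name `secure` are placeholders.

```powershell
# Added example: require SSL plus a client certificate on one virtual
# directory only, then confirm the rest of the site stays open.
# Run from an elevated prompt.
Import-Module WebAdministration

$site    = 'Default Web Site'   # assumed site name
$vdir    = 'secure'             # assumed virtual directory name
$filter  = 'system.webServer/security/access'

function Get-SslFlags([string]$PSPath) {
    # Reads the effective sslFlags for a site or directory as a list of names.
    $raw = Get-WebConfigurationProperty -PSPath $PSPath -Filter $filter -Name 'sslFlags'
    # Handle the value coming back directly or wrapped in an attribute object.
    $text = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
    return @($text -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

# Step 1: the site itself needs an HTTPS binding with a server certificate.
if (-not (Get-WebBinding -Name $site -Protocol 'https')) {
    throw "Site '$site' has no https binding; install the server certificate first."
}

# Step 2: "require secure channel" + "require client certificate" on the
# directory. The access section is locked at server level by default, so the
# setting is written to applicationHost.config under a <location> tag.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Location "$site/$vdir" -Filter $filter -Name 'sslFlags' `
    -Value 'Ssl,SslNegotiateCert,SslRequireCert'

# Step 3: verify. The directory must carry both flags; the site root must
# not require a client certificate, or the public pages would break.
$dirFlags  = Get-SslFlags "IIS:\Sites\$site\$vdir"
$rootFlags = Get-SslFlags "IIS:\Sites\$site"

$missing = 'Ssl', 'SslRequireCert' | Where-Object { $dirFlags -notcontains $_ }
if ($missing) {
    throw "'$site/$vdir' is missing: $($missing -join ', ')"
}
if ($rootFlags -contains 'SslRequireCert') {
    Write-Warning "Site root also requires client certificates (sslFlags: $($rootFlags -join ','))."
}
"OK: $site/$vdir sslFlags = $($dirFlags -join ',')"
```

Client certificates are only accepted if they chain to a root CA in the server's trusted roots store, as noted in the thread, so an internal CA works when its root is installed on each machine.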