Re: Using SSL with IIS 5.0 - how does it work.
From: Miha Pihler (mihap-news_at_atlantis.si)
Date: Fri, 3 Sep 2004 20:53:59 +0200
Here is a Microsoft article that describes in detail what is going on behind the
screen when someone tries to access your web site that is protected by SSL.
Description of the Secure Sockets Layer (SSL) Handshake
SSL is used when clients need to transfer data between computers in secure
This data can be e.g.
* username and password when a user authenticates to the server (e.g. to check
his/her e-mail) (client sends this data to the server)
* content of the e-mail (sent from server to client)
* information about your bank account (sent from server to client)
* credit card number that you enter when performing on-line shopping (sent
from client to server)
If you want your users (maybe your clients) to trust your SSL certificate
you will need to obtain a certificate signature from VeriSign or Thawte
(cheaper) or some other certification authority.
If you need these certificates only for internal use you can e.g. set up your
own certificate authority server or use the SelfSSL utility from IIS 6 resource
If you have a domain environment it is quite simple to make your domain
clients trust your own certificate authority.
Here are some links that you might want to look at:
IIS 6.0 Resource Kit Tools
Best Practices for Implementing a Microsoft Windows Server 2003 Public Key
Windows Server 2003 PKI Operations Guide
Managing a Windows Server 2003 Public Key Infrastructure
I hope this helps,
"Tavish Muldoon" <firstname.lastname@example.org> wrote in message
> I was thinking of using SSL on my webserver - and looked it up:
> Would someone explain to me how a certificate functions and what it is
> doing behind the scenes. I assume all the data is encrypted then
> decrypted at the client end - right?
> Anyone coming to my site will be prompted for a certificate - correct?
> Or it is done automatically.
> How greatly is speed affected?
> When I generate a certificate - do I have to get it verified by some
> third party - like Verisign?
> SSL is of use only if my data is very secret and I do not want others
> to see it. For general information - it probably does not matter -