Re: Using SSL with IIS 5.0 - how does it work.

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 09/03/04

    Date: Fri, 3 Sep 2004 20:53:59 +0200
    
    

    Hi,

    Here is a Microsoft article that describes in detail what is going on behind the
    scenes when someone tries to access your web site that is protected by SSL.

    Description of the Secure Sockets Layer (SSL) Handshake
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;257591

    SSL is used when clients need to transfer data between computers in a secure
    manner.
    This data can be e.g.
    * username and password when a user authenticates to the server (e.g. to check
    his/her e-mail) (client sends this data to the server)
    * content of the e-mail (sent from server to client)
    * information about your bank account (sent from server to client)
    * credit card number that you enter when performing on-line shopping (sent
    from client to server)

    If you want your users (maybe your clients) to trust your SSL certificate
    you will need to obtain a certificate signature from Verisign or Thawte
    (cheaper) or some other certification authority.
    If you need these certificates only for internal use you can e.g. set up your
    own certificate authority server or use the SelfSSL utility from the IIS 6
    Resource Kit.
    If you have a domain environment it is quite simple to make your domain
    clients trust your own certificate authority.

    Here are some links that you might want to look at:
    IIS 6.0 Resource Kit Tools
    http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en

    Best Practices for Implementing a Microsoft Windows Server 2003 Public Key
    Infrastructure
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx

    Windows Server 2003 PKI Operations Guide
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx

    Managing a Windows Server 2003 Public Key Infrastructure
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx

    I hope this helps,

    Mike

    "Tavish Muldoon" <tmuldoon@spliced.com> wrote in message
    news:e2470f35.0409031031.32159b17@posting.google.com...
    > I was thinking of using SSL on my webserver - and looked it up:
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;299525
    >
    > Would someone explain to me how a certificate functions and what it is
    > doing behind the scenes. I assume all the data is encrypted then
    > decrypted at the client end - right?
    >
    > Anyone coming to my site will be prompted for a certificate - correct?
    > Or it is done automatically.
    >
    > How greatly is speed affected?
    >
    > When I generate a certificate - do I have to get it verified by some
    > third party - like Verisign?
    >
    > SSL is of use only if my data is very secret and I do not want others
    > to see it. For general information - it probably does not matter -
    > correct?
    >
    > Thanks,
    >
    > Tmuld.

