Re: certificates

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 11/29/04


Date: Mon, 29 Nov 2004 00:42:52 +0100

Hi,

Here is some general information that may help.

How To Set Up an HTTPS Service in IIS
http://support.microsoft.com/?kbid=324069

How To Set Up SSL Using IIS 5.0 and Certificate Server 2.0
http://support.microsoft.com/kb/299525

The setup process depends on:
* the version of the operating system where IIS is running (Windows 2000,
Windows XP, Windows 2003 Server)
* the origin of the certificate (will you buy a certificate from 3rd party CA
companies (e.g. Verisign, Thawte, ...) or will you issue your own
certificates)

You can issue your own certificates in two ways:
* you can use the SelfSSL tool from the IIS 6 resource kit (it works on
Windows 2003 server and Windows XP)
* you can set up your own CA server

IIS 6.0 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en

The problem with your own certificates is that users outside your company
will not be able to recognize them by default like they would recognize e.g.
Verisign certificates. E.g. I have the Verisign Root Certificate in my Trusted
Root Store. Therefore I trust any certificate issued by this CA. Since I
don't have your certificate in my trusted root store, I would get a warning
that the site that I am trying to access is not trusted. I would have an
option to choose whether I want to continue...
http://freeweb.siol.net/mpihler/nottrusted.jpg

Own CA servers are usually used for internal use, while 3rd party CA servers
are used when e.g. doing business on-line with a large number of people...

Here is additional information about the Microsoft CA service:

New features:
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
Operations guide:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
Managing PKI:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
Best Practices:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
Certificate templates:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
Certificate Autoenrollment in Windows Server 2003:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
Key archival:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/kyacws03.mspx
Advanced certificate enrollment:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
Web enrollment:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
CRLs:
http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx

Feel free to post back with any additional questions...

I hope this helps,

Mike

"Jordan" <anonymous@discussions.microsoft.com> wrote in message
news:98a701c4d5a0$6adb0a00$a401280a@phx.gbl...
> Thanks for the reply, where can I find more information
> regarding how to set this up on some of my websites?
>
> Regards,
> Jordan
>
>>-----Original Message-----
>>Hi Jordan,
>>
>>There are usually at least two reasons. One is what you described -- server
>>authentication. E.g. I really want to know that I am talking to Microsoft
>>server when I am downloading patches; or I really want to know that I am
>>talking to my on-line bank server when I am entering data to access my
>>account information.
>>
>>The other purpose is to encrypt the data that is exchanged between the
>>server and the client. I don't want people to listen in on my conversation
>>when I am sending information from my computer to bank server -- or when
>>bank server replies with information.
>>
>>There are also client side certificates. They are used to authenticate users
>>to web server. This way server knows who it is talking to (since I am the
>>only one who is supposed to have the private keys).
>>
>>I hope this helps,
>>
>>Mike
>>
>>"Jordan" <anonymous@discussions.microsoft.com> wrote in message
>>news:989601c4d59c$8dd72c40$a401280a@phx.gbl...
>>> Hello,
>>>
>>> Question, what is the TRUE purpose of having a
>>> certificate for a website? just to prove the
>>> authenticity? saying this is the REAL site?
>>>
>>> Regards,
>>> Jordan
>>>
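
The trusted-root behaviour described in the reply above, as an added example that is not part of the original thread: a certificate issued by your own CA is validated once as an outside visitor would see it (default root store) and once as an internal client with your root installed would. It assumes PowerShell 7 or later; the function name Test-ServerChain and the subject names are constructed for illustration, and all keys and certificates are generated in memory.

```powershell
# Added example, not from the original post. Assumes PowerShell 7+ (.NET 5+ chain APIs).
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

$now = [DateTimeOffset]::UtcNow

# Constructed private root CA, standing in for "your own CA server".
$caKey = [RSA]::Create(2048)
$caReq = [CertificateRequest]::new('CN=Example Internal Root CA', $caKey,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$caReq.CertificateExtensions.Add(
    [X509BasicConstraintsExtension]::new($true, $false, 0, $true))   # CA:TRUE, critical
$ca = $caReq.CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))

# Constructed web server certificate issued by that CA (validity nested inside the CA's).
$srvKey = [RSA]::Create(2048)
$srvReq = [CertificateRequest]::new('CN=www.example.test', $srvKey,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$server = $srvReq.Create($ca, $now.AddHours(-1), $now.AddDays(7), [byte[]](1..8))

function Test-ServerChain {
    param(
        [X509Certificate2]   $Certificate,
        [X509Certificate2]   $Issuer,
        [X509Certificate2[]] $TrustedRoots = @()   # empty: use the machine's default root store
    )
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck   # no CRL published here
    # Make the issuer available for path building, so the only open question is trust.
    [void]$chain.ChainPolicy.ExtraStore.Add($Issuer)
    if ($TrustedRoots.Count -gt 0) {
        # Model a client whose trusted root store contains exactly these roots.
        $chain.ChainPolicy.TrustMode = [X509ChainTrustMode]::CustomRootTrust
        foreach ($root in $TrustedRoots) {
            [void]$chain.ChainPolicy.CustomTrustStore.Add($root)
        }
    }
    $trusted = $chain.Build($Certificate)
    [pscustomobject]@{
        Trusted = $trusted
        Status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Outside visitor: the private root is not in their trusted root store.
Test-ServerChain -Certificate $server -Issuer $ca
# Internal client: the private root has been deployed to it.
Test-ServerChain -Certificate $server -Issuer $ca -TrustedRoots $ca
```

The Status column carries the chain status flags that correspond to the browser warning in the screenshot linked above; deploying the root to internal clients is what removes it for them.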


