RE: Secure Channel and StandAlone IIS box.

From: Jacob [MS] (jacobf@online.microsoft.com)
Date: 01/23/03


From: jacobf@online.microsoft.com (Jacob [MS])
Date: Thu, 23 Jan 2003 09:09:43 GMT


Hi,

Based on your description, my understanding is that you want to configure SSL for IIS server. If I misunderstood your concerns, please let me
know.

To enable SSL in IIS, you must first obtain a certificate that is used to encrypt and decrypt the information that is transferred over the network.
IIS includes its own certificate request tool that you can use to send a certificate request to a certification authority. This tool simplifies the
process of obtaining a certificate. If you use Apache, you must obtain the certificate manually.
 
Configure Folder or Web Site to Use SSL/HTTPS:

This procedure assumes that your site already has a certificate assigned to it.

1. Log on to the Web server computer as an administrator.

2. Click Start, point to Settings, and then click Control Panel.

3. Double-click Administrative Tools, and then double-click Internet Services Manager.

4. Select the Web site from the list of different served sites in the left pane.

5. Right-click the Web site, folder, or file for which you want to configure SSL communication, and then click Properties.

6. Click the Directory Security tab.

7. Click Edit.

8. Click Require secure-channel (SSL) if you want the Web site, folder, or file to require SSL communications.

9. Click Require 128-bit encryption to configure 128-bit (instead of 40-bit) encryption support.

10. To allow users to connect without supplying their own certificate, click Ignore client certificates. Alternatively, to allow a user to supply their
own certificate, use Accept client certificates.

11. To configure client mapping, click Enable client certificate mapping, and then click Edit to map client certificates to users. If you configure
this functionality, you can map client certificates to individual users in Active Directory. You can use this functionality to automatically identify a
user according to the certificate they supplied when they access the Web site. You can map users to certificates on a one-to-one basis (one
certificate identifies one user) or you can map many certificates to one user (a list of certificates is matched against a specific user according to
specific rules. The first valid match becomes the mapping).

12. Click OK.

NOTE: If you would, please post this question in the IIS newsgroup. The IIS newsgroup is primarily for issues involving IIS server. The reason
why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the newsgroups
regularly can either share their knowledge or learn from your interaction with us.

Regards,

Jacob Fu

jacobf@online.microsoft.com
Product Support Services
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "at" <atarasul@spencerstuart.com>
| Subject: Secure Channel and StandAlone IIS box.
| Date: Tue, 21 Jan 2003 11:45:05 -0600
| Keywords: SChannel, IIS
|
| Hello,
| I'm evaluating security templates for standalone bastion IIS 5.0 on Win2K
| SP3 with principle - don't enable what can be disabled.
| The question I come up - what the value of Secure Channel settings for this
| server.
|
| SignOrSeal = Secure channel: Digitally encrypt or sign secure channel data
| (always)
| SealSecureChannel = Secure channel: Digitally encrypt secure channel data
| (when possible)
| SignSecureChannel = Secure channel: Digitally sign secure channel data (when
| possible)
|
| According to Microsoft Secure Channel settings relates only to communication
| between Member server and DC (which I don't have). However usage of
| schannel.dll for IIS SSL functionality hinting on possible relationship
| between functioning as HTTPS server and disabling those seemingly unneeded
| services.
| Any ideas?
|
| Thanks
| Alexander
|
|
|


