Secure Sockets Layer (SSL) is used by IIS 6.0 and other web servers to secure traffic between the web server and the client machine's web browser. When a browser sends a request to a web server's HTTPS port (TCP 443), the server presents its certificate, which carries the server's public key. A certificate issued by a CA contains only the public half of the key pair; the matching private key never leaves the server, and possession of it is what proves the server is the legitimate holder of the certificate.
The browser verifies the certificate against its list of trusted CAs and checks that it has not expired and that the name in it matches the host it asked for. Once verified, the handshake continues: the browser generates random secret material and sends it to the server protected with the server's public key (with RSA key exchange, the usual choice for IIS 6.0, this is the pre-master secret, which only the holder of the private key can recover), and both sides derive from it a session key and a set of encryption and integrity keys. These keys are now known only to the web server and the browser and are used to encrypt/decrypt the traffic between the two. There are a number of places to get an SSL cert for your web server, and you can also install a CA in your domain to issue certificates. Let's take a look at how to get and install an SSL cert. Open up IIS Manager and go into the Web site properties, then click on the Directory Security tab. Under the Secure Communications header press the Server Certificate button.
The Web Server Certificate Wizard will start, click Next to proceed. Select Create a New Certificate and click Next again.
We want to Prepare the request, but send it later.
Enter a name for the certificate (the name of the website is a sensible choice), and select the bit length of the key pair the wizard will generate. The longer the key, the harder it is to break, at the cost of more processing power for every handshake; 1024-bit keys are no longer considered safe and public CAs will not sign them, so choose at least 2048 bits.
Enter the organization and unit name before clicking Next.
Enter the common name and click Next. This must be the exact host name users will type into the browser (for example your.domain.com); if it does not match, browsers will warn that the certificate was issued for a different site even though the certificate itself is valid.
Fill in the country, state/province and city and click Next again.
Specify the location to save the certificate request to, and verify the information. Click Next.
The certreq.txt file created can now be presented to the CA for generation of the certificate. The request contains the subject details and the public key only; the private key stays in the pending request on the server, so do not delete the pending request or rebuild the site while you wait, or the .cer the CA returns will not match any key on the server and cannot be installed. Once the certificate has been created you will be issued a .cer file which you will import into IIS. This process is similar to issuing the request, except this time we will choose to process the pending request and install the certificate.
Enter the path and name of the .cer file the CA issued and finish the wizard.
Test the certificate by going to https://your.domain.com and confirming the browser shows no certificate warning. One further, optional, setting is to require SSL for the site, in which case plain HTTP requests are refused (IIS answers them with a 403.4 "SSL required" error) rather than served in the clear. This option is set through the Web site properties, on the Directory Security tab. Click on the Edit button under the Secure Communications header and then tick the box next to Require Secure Channel (SSL).
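Both certreq.txt and the issued .cer are DER-encoded ASN.1 wrapped in base64, so their contents can be checked without the wizard. The stand-alone Python script below is an illustration added here, not part of IIS or the original article; it decodes both formats with the standard library only, lists the subject fields and key length carried in a PKCS#10 request, and checks that a certificate returned by the CA carries the same public key as the request, which is exactly what the "process the pending request" step needs in order to succeed. The request and certificates it operates on are constructed inside the script with placeholder moduli and all-zero signatures, so they parse like real files but are not cryptographically valid; the subject values and the "Example CA" issuer name are invented.

```python
"""Inspect an IIS-style certificate request (certreq.txt) and the issued .cer with
the Python standard library only: what the request carries (subject and public key,
never the private key) and whether a returned certificate belongs to the pending
request.  Example code, not part of IIS; the sample files are constructed below."""
import base64

# ---- minimal DER encoder, only what the constructed samples need ----
def _length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + _length(len(content)) + content

def der_int(n):
    body = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return tlv(0x02, (b"\x00" if body[0] & 0x80 else b"") + body)   # INTEGER is signed

def oid_bytes(dotted):
    first, second, *rest = (int(x) for x in dotted.split("."))
    out = bytearray([40 * first + second])
    for arc in rest:                        # base-128, high bit set on all but the last byte
        chunk = bytearray([arc & 0x7F]); arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F)); arc >>= 7
        out += chunk
    return bytes(out)

ATTR = {"C": "2.5.4.6", "ST": "2.5.4.8", "L": "2.5.4.7", "O": "2.5.4.10", "OU": "2.5.4.11", "CN": "2.5.4.3"}
OID_TO_NAME = {oid_bytes(v): k for k, v in ATTR.items()}
RSA_OID = oid_bytes("1.2.840.113549.1.1.1")
SIG_ALG = tlv(0x30, tlv(0x06, oid_bytes("1.2.840.113549.1.1.11")) + tlv(0x05, b""))  # sha256WithRSA

def name(**rdns):       # X.501 Name: SEQUENCE OF SET OF (OID, PrintableString)
    return tlv(0x30, b"".join(tlv(0x31, tlv(0x30, tlv(0x06, oid_bytes(ATTR[k])) + tlv(0x13, v.encode())))
                              for k, v in rdns.items()))

def spki(modulus, exponent=65537):   # SubjectPublicKeyInfo holding an RSAPublicKey in a BIT STRING
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    return tlv(0x30, alg + tlv(0x03, b"\x00" + tlv(0x30, der_int(modulus) + der_int(exponent))))

def pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n" + "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64)) + f"\n-----END {label}-----\n"

def make_csr(subject, modulus):      # PKCS#10, the format of certreq.txt (signature left all-zero)
    info = tlv(0x30, der_int(0) + subject + spki(modulus) + tlv(0xA0, b""))
    return pem("NEW CERTIFICATE REQUEST", tlv(0x30, info + SIG_ALG + tlv(0x03, b"\x00" * 257)))

def make_cert(subject, modulus, issuer_cn="Example CA"):   # X.509 v3 skeleton (signature all-zero)
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
    tbs = tlv(0x30, tlv(0xA0, der_int(2)) + der_int(1) + SIG_ALG + name(CN=issuer_cn) + validity + subject + spki(modulus))
    return pem("CERTIFICATE", tlv(0x30, tbs + SIG_ALG + tlv(0x03, b"\x00" * 257)))

# ---- DER decoder and the checks a practitioner would run on real files ----
def _read(data, pos=0):
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long form: the next N bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _children(content):
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = _read(content, pos)
        out.append((tag, body))
    return out

def _unpem(text):
    return base64.b64decode("".join(l for l in text.splitlines() if l and not l.startswith("-----")))

def _subject(seq):
    out = {}
    for _, rdn in _children(seq):
        for _, attr in _children(rdn):
            (_, oid), (_, value) = _children(attr)
            out[OID_TO_NAME.get(oid, oid.hex())] = value.decode()
    return out

def _rsa_key(spki_seq):
    (_, alg), (_, bits) = _children(spki_seq)
    assert _children(alg)[0][1] == RSA_OID, "not an RSA key"
    (_, mod), (_, exp) = _children(_read(bits[1:])[1])   # bits[0] is the unused-bits count
    return int.from_bytes(mod, "big"), int.from_bytes(exp, "big")

def inspect_csr(text):
    _, req, _ = _read(_unpem(text))
    (_, version), (_, subject), (_, key_info) = _children(_children(req)[0][1])[:3]
    modulus, exponent = _rsa_key(key_info)
    return {"version": int.from_bytes(version, "big"), "subject": _subject(subject),
            "key_bits": modulus.bit_length(), "modulus": modulus, "exponent": exponent}

def inspect_cert(text):
    _, cert, _ = _read(_unpem(text))
    tbs = _children(_children(cert)[0][1])
    if tbs[0][0] == 0xA0:                   # explicit [0] version, present in v3 certs only
        tbs = tbs[1:]
    modulus, exponent = _rsa_key(tbs[5][1])  # serial, sigalg, issuer, validity, subject, spki
    return {"issuer": _subject(tbs[2][1]), "subject": _subject(tbs[4][1]),
            "key_bits": modulus.bit_length(), "modulus": modulus, "exponent": exponent}

def cert_matches_request(csr_text, cert_text):
    """True when the .cer carries the same public key as the pending request."""
    c, r = inspect_cert(cert_text), inspect_csr(csr_text)
    return (c["modulus"], c["exponent"]) == (r["modulus"], r["exponent"])

# Constructed sample input, not real key material: 2048-bit placeholder moduli.
SUBJECT = name(C="US", ST="Washington", L="Seattle", O="Example Corp", OU="IT", CN="www.example.com")
SAMPLE_CSR = make_csr(SUBJECT, (1 << 2047) | 0x10001)
ISSUED_CERT = make_cert(SUBJECT, (1 << 2047) | 0x10001)
WRONG_CERT = make_cert(SUBJECT, (1 << 2047) | 0x12345)   # issued against a different key
```

To use it on real files, pass the text of certreq.txt to `inspect_csr` and the text of the .cer to `inspect_cert`; `cert_matches_request` returning False means the certificate the CA signed does not belong to the pending request on this server, which is the usual reason the wizard refuses to install a .cer. A Windows CA may hand back the .cer as binary DER rather than base64; convert it first with `certutil -encode issued.cer issued.pem`, or skip `_unpem` and feed the raw bytes to `_read`.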
