On IIS 6.0,
how
do I configure my website to use SSL?
By default, web
browsing is being performed by use of
the HTTP protocol, i.e. a connection
between the client computer (using a web
browser) to the web server (using IIS,
Apache or any other sort of web server
program). HTTP relies on TCP
(Transmition Control Protocol) and uses
port 80 on the listening server.
The main security
issue with HTTP is the fact that all the
traffic between the client and the
server is done as clear text, meaning
that anyone could potentially "listen"
to your talk and grab frames and
valuable information from the net.
To
secure the transmission of information
between your web server running IIS 6.0
on Windows Server 2003 and your browser
clients, you can encrypt the information
being transmitted by using SSL (Secure
Sockets Layer).
Note: The
procedure for applying SSL on IIS 5.0
(on Windows 2000) and IIS 5.1 (on
Windows XP) is quite the same.
In order to
successfully use SSL you need to obtain
a Server Certificate. In this article I
will only focus on obtaining a
certificate from a local CA or importing
an already existing certificate.
However, it is possible (and in many
cases preferred) that you obtain the
Server Certificate from a trusted 3rd
party CA such as Verisign or Thawte. |