
Setting up an SSL server on IIS with Windows 2000 Server

To set up an SSL server on Windows 2000 Server running Microsoft Internet Information Services, open Internet Information Services Manager.
Open Internet Information Services by clicking the Start button, located on the toolbar, and then selecting Settings -> Control Panel from the menu.
In the Control Panel folder, double-click the "Administrative Tools" icon. (Note: If this icon does not appear, it could be because you do not have administrative privileges.)
Once the Administrative Tools folder is open, double-click the "Internet Services Manager" icon. This opens the main configuration screen of Microsoft Internet Information Services (IIS) Manager.
Right-click on the computer icon and select New and then Web Site from the menu. (Note: If you are using Windows XP Professional you are limited to one web site per web server, so you'll have to modify your current web site.)
The following screen will be displayed, titled "Welcome to the Web Site Creation Wizard". We will create a new web site called "SSL Web Site" where we will implement SSL. Once the new web site is created we will set it up for SSL communications.
Click "Next" to continue with the setup wizard.
Enter the name of the web site. In this example we will name our new SSL web site "SSL Web Site" so that we can distinguish it from the other non-SSL web sites located on our web server.
Click "Next" to continue with the setup wizard.
Enter the IP address to use for the web site in the box provided. It is best not to leave this at the default value of (All Unassigned). Your IP address can be selected from the drop-down box.
Enter a TCP port value for the SSL web site. In our example we have entered a value other than the default value of 80 because it was already taken by another web site on the web server.
Click "Next" to continue with the setup wizard.
Enter the web site home directory in the following screen.
Click "Next" to continue with the setup wizard.
The permission screen is displayed. By default "Read" and "Run scripts" are already checked.
Click "Next" to continue with the setup wizard.
Our new web site has been created. In the next few steps we will set up SSL on this web site.
Click "Finished" to continue.
The new web site ("SSL Web Site") should now be displayed in the web server.
Right-click on the web site you created and select Properties from the menu.
The web site properties dialog is displayed. Select the Directory Security tab.
From the Directory Security tab select Select Certificate. In order to enable SSL on our web site we need a certificate. There are many different web sites that provide certificates for use on IIS. To show how to set up an SSL web site we will use a trial certificate that Verisign provides to anyone.
The web server certificate wizard is shown. First we need to create a certificate request. Then we will sign up for a trial certificate provided by Verisign, and Verisign will provide us with our certificate response, which we will later enter into the certificate wizard.
Click "Next" to continue with the setup wizard.
Ensure that the "Create a new certificate" option is checked.
Click "Next" to continue with the setup wizard.
Ensure that the "Prepare the request now, but send it later" option is checked.
Click "Next" to continue with the setup wizard.
Enter the name of the certificate and then select the bit length of encryption. The name of the certificate can be anything. The bit length of encryption is generally set to 1024 for most web sites even though IIS defaults to 512.
Click "Next" to continue with the setup wizard.
Next enter the Organization and Organizational Unit. Anything will do for these two values.
Click "Next" to continue with the setup wizard.
Enter the common name for the web server. It is recommended that you leave this setting alone.
Click "Next" to continue with the setup wizard.
Next enter the location of the web server. It is important that you enter the full names of locations, not abbreviations (for example, Arizona, not AZ).
Click "Next" to continue with the setup wizard.
The web server certificate wizard will create a certificate request and ask you where you want to save it. Save it somewhere you can easily access, because you will need to open the file and submit it to Verisign in order for a certificate response to be sent back to you.
Click "Next" to continue with the setup wizard.
A summary of the certificate is shown.
Click "Next" to continue with the setup wizard.
The certificate request has now been created and saved in the text file that you specified.
Click "Finished" to continue setting up SSL.
Open the certificate request that was created in Notepad and copy all the text.
Next open a web browser and navigate to http://www.verisign.com/. Once the page has loaded, find the link "SSL Trial ID" and click on it.
Verisign will ask you for your information. Just enter it and click on Submit.
The Verisign web site will now take you through the process of obtaining a certificate. Click the "Continue" button located on the web site to continue with this process.
We've already generated a CSR, so just click the "Continue" button again.
On the following web page you will have to enter the certificate request that you copied earlier. Make sure you copy it into the box located on the web site and then click on the "Continue" button to continue.
Again you are going to have to enter your information. Make sure that the City, State, and Country match the City, State, and Country you used to create the certificate request. Also make sure that you enter a real e-mail address (yahoo or hotmail will do) because the certificate response will be sent to you and you will need it to complete the SSL certificate setup on your web site. Click "Accept" when you are done filling out this form.
This page confirms that everything went OK. A certificate response will be e-mailed to you.
Check your e-mail; you should have received an e-mail titled "Verisign Trial Server ID". Open this e-mail.
At the bottom of the e-mail Verisign sent you is the certificate that you need. Copy this text from the BEGIN CERTIFICATE line to the END CERTIFICATE line, including those lines.
Open Notepad, paste the text into it and save the file as response.txt.
Go back to your web site's Properties dialog and click on the Directory Security tab. Click on the Server Certificate button. Click "Next" until you come to the screen shown. Make sure the "Process the pending request and install the certificate" option is selected.
Click "Next" to continue with the setup wizard.
In this dialog you have to select the file where the certificate response was saved. In our case it was response.txt. So click on Browse and select the response.txt file we created.
Click "Next" to continue with the setup wizard.
The certificate summary is displayed.
Click "Next" to continue with the setup wizard.
The web site is now installed with an active certificate. We just need to change a few more settings to complete the setup.
Click "Finished".
Click on the "Edit" button located in the Directory Security tab of the web site's Properties dialog. Here we will change a few of the SSL settings.
Ensure that "Require secure channel (SSL)" is selected and click "Ok".
Next go to the Web Site tab of the web site Properties dialog. For SSL port enter 443. Click "Ok". The SSL site should now be up and running. If it is not, restart the IIS server.
To access your SSL site enter "https://" followed by the computer's name. In our example, our computer name or common name is futurama, so we entered https://futurama/index.htm
If your SSL site does not work, it is recommended that you use the SSL Diagnostic tool provided by Microsoft. Also make sure the SSL ISAPI filter "sspifilt.dll" that comes with IIS is loaded, and that it has top priority over your other ISAPI filters so that SSL works at all times.