General discussion

Locked

How to Implement SSL??

By paull ·
I have been given the task of implementing SSL on a NT4 server using IIS4. I have setup the Certificate Service successfully on NT4. We are not going to use an external certificate service for our certificates.

Could someone please give me someleeds or point me in the direction where I can read something to find out how to set this up?

Thanks
Shane Paull

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

How to Implement SSL??

by gbworld In reply to How to Implement SSL??

The help files with the product are, unfortunately, **** poor, as you no doubt have found out. I have some good news and some bad news.

1. The certificate service is fairly easy to create certs for SSL. The help file is fairly decent on this.

2. The bad news is that you will have to ship out a file for the cert to everyone who accesses your site. This is due to the fact that the cert does not map to a third party like Verisign, whom IE and NS trust.

My advice:
Get a cert from Verisign(or another trusted party), unless this is for your employees only. If this is an e-commerce initiative, the fact that your cert is not trusted will cost more in lost revenues than the few hundred dollars you will spend for a cert.

If you want togo ahead with the certificate service on IIS 4, I have done this and can help. You will have to trust me that it is a pain in the butt to implement, and really not worth it.

By the way, setting up the certificate service on the IIS box is simple,but a true CS certificate (which can sign certs for other clients) is considerably more expensive than a simple SSL cert.

I hate to be the bearer of bad tidings, but these are the breaks in the e-world.

Gregory A. Beamer
MCP: +I, SE, SD, DBA

Collapse -

How to Implement SSL??

by paull In reply to How to Implement SSL??

Poster rated this answer

Collapse -

How to Implement SSL??

by Rogge In reply to How to Implement SSL??

Hi!

First thing you must know is that if you will be you own root-CA (to create you own certificates) you either need a PKI structure or your own root-CA must be installed on all client PCs that should be able to connect to you.
This is becauseof how the trust works. When the client connects, it will check the server certificate to see if it?s a valid one. To do this it checks who created and signed the certificate. It does this up the chain of certificates to the root-CA. If the root-CA certificate can be validated, the client knows that the server certificate is who it claims to be. It now continues connecting and establishing the encryption.
If your root-CA certificate isn?t installed in all clients that want to connect this validation will fail.
With the PKI structure your certificate will be signed by a root-CA that is already installed in the major browsers (IE & Netscape).

If you create your own server certificates (without having a PKI) you can also create client certificates and install them on the clients at the same time as you install the root-CA certificate.

You can create client certificates when you have a PKI structure but you don't need to install any root-CA certificate in the clients.

Good luck!

Collapse -

How to Implement SSL??

by paull In reply to How to Implement SSL??

Poster rated this answer

Collapse -

How to Implement SSL??

by paull In reply to How to Implement SSL??

This question was closed by the author

Back to Security Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums