Home > Others

How to configure SSL Secure Access in IIS 6

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

You can configure Secure Sockets Layer (SSL) security features on a Web server or a Web site to verify the integrity of your content, verify the identity of users, and encrypt network transmissions.

Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. as a security best practice, log on to your computer by using an account that is not in the Administrators group, and then useRunasCommand to run IIS Manager as an administrator. At a command prompt, typeRunas/user:Administrative_AccountName"Mmc % systemroot % \ system32 \ inetsrv \ iis. msc".

ProceduresTo configure SSL on a Web server or a Web site

  1. In IIS Manager, double-click the local computer, and then double-clickWeb SitesFolder.

  2. Right-click the Web site or file that you want to protect with SSL, and then clickProperties.

  3. UnderWeb site identificationClickAdvanced.

  4. InAdvanced Web site identificationBox, underMultiple identities for this Web site, Verify that the Web site IP address is assigned to port 443, the default port for secure communications, and then clickOK. Optionally, to configure more SSL ports for this Web site, clickAddUnderMultiple identities of this Web site, And then clickOK.

  5. OnDirectory SecurityOrFile SecurityTab, underSecure communications, ClickEdit.

  6. InSecure CommunicationsBox, selectRequire secure channel (SSL)Check box.

  7. To enable SSL client certificate authentication and mapping features, selectEnable client certificate mappingCheck box, clickEdit, Add the 1-to-1 or lower-to-1 mappings you need, and then clickOKThree times.

Note
If you set your Web site to require SSL, as in step 6 above, and you have not completed setting up SSL for the site, then users browsing your site will receive this error: "HTTP Error 403.4-Forbidden: SSL is required to view this resource. "To avoid this condition, either complete all the steps in the list above, or go back and clearRequire Secure Channel (SSL)Check box (see step 6 ).

Related Information

  • For information about enabling client certificates, see Enabling Client Certificates in IIS 6.0.

  • For information about client certificate mapping, see Mapping Client Certificates to User Accounts in IIS 6.0.

Enabling Client Certificates in IIS 6.0

Updated: August 22,200 5

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

You can require users attempting to access your Web site to log on with a client certificate. requiring a client certificate is just one aspect of protecting your server against unauthorized access. any user with a valid and trusted client certificate can establish a secure connection and access your resource. to protect your Web content from unauthorized access you must do one of the following:

  • Use Basic, Digest, or Integrated Windows authentication, in addition to requiring a client certificate.

  • Create a Windows account mapping for client certificates. For more information, see Mapping Client Certificates to User Accounts in IIS 6.0.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures, or you must have been delegated the appropriate authority. as a security best practice, log on to your computer by using an account that is not in the Administrators group, and then useRunasCommand to run IIS Manager as an administrator. At a command prompt, typeRunas/User:Administrative_AccountName"MmcSystemroot\ System32 \ inetsrv \ iis. msc". For information about delegating administrative authority, see "Delegating administration" in Help and Support Center for Windows Server 2003.

ProceduresTo enable client certificates

  1. In IIS Manager, double-click the local computer, and then right-click the Web site, directory, or file that you want and clickProperties.

  2. If you have not previusly obtained a server certificate, clickDirectory SecurityTab, and then underSecure Communications, ClickServer Certificate. For more information, see Obtaining Server Certificates.

  3. If you have previusly obtained a server certificate, clickDirectory SecurityOrFile SecurityTab, and then underSecure Communications, ClickEdit.

  4. InSecure CommunicationsBox, selectRequire secure channel (SSL)Check box. Requiring a secure channel means that users cannot connect to this site without using a secure link (that is, the link's URL must begin with https ://).

  5. UnderClient certificatesSelect one of the following to enable client Certificate authentication:

    • Accept client certificatesUsers can access the resource with a client certificate, but the certificate is not required.

    • Require client certificatesThe server will request a client certificate before connecting the user to the resource. Users without a valid client certificate will be denied access.
    • Ignore client certificatesUsers with or without a client certificate will be granted access.

 

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More