From Ryan Groom,
Your Guide to Business Security.
FREE Newsletter. Sign Up Now!

Introduction

This is the fourth topic in our certificate services series. In this article we will look at securing your web sites using Secure Sockets Layer (SSL). SSL is a security mechanism that allows you to send information between a client (web browser) and server (web site) encrypted. Think of when you do online banking. When you log into the site that looks like https://yournbankname.com, you are actually logging onto an SSL site (That’s what the ‘s’ in the https means – secure).

SSL works by using a certificate that the client computer trusts. When you visit your bank, they have purchased a certificate from a legitimate firm such as Thawte or Verisign. To obtain that certificate they must prove a number of criteria. If you want your own website to use SSL, we can use the Certificate Authority we installed to issue us a certificate for use with SSL. Remember this cert will not be automatically accepted by all as legitimate unless you also give them the base certificate. You can also incorporate ISA into the deal and have it publish the certificate out for you...but that’s another article. It all starts with a certificate request.

Here are the steps.

• Log on to your Web server as administrator.
• Click Start-Settings and Control Panel.
• Open Administrative Tools and then open Internet Services Manager.
• Select your Website.
• Right-click the Web site for which you want to configure SSL and click Properties.
• Click the Directory Security tab and then click Server Certificate under Secure Communications to start the Wizard.

Click here for IIS installation screenshot.

• Click Next.
• Select Create a new certificate. Click Next.
• Select Prepare the request now, but send it later. Click Next.
• Type a name for the certificate. Use whatever naming convention you desire, but it should make sense. Select a bit length.
• Type the organization name and the organizational unit (such as Web and IT Section). Click Next.
• Type the fully qualified domain name of the domain you are publishing out (www.mywebsite.com) as the common name. Click Next.
• Enter location information. Click Next.
• Type the save location. Click Next.
• Verify the information. Click Next.

Now submit the request to your CA so that you can grant yourself a valid certificate for your organization.

• Browse to http://YourCAserver/CertSrv/.
• Click Request a certificate.
• Click advanced certificate request.
• Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
• Open the request document in Notepad. Copy the contents.
• Paste into the Web form's Base64 Encoded Certificate Request text box.
• Select Web Server or User. Click Submit.
• Click Download CA Certificate and save the file to disk.

Now you must issue the cert from your CA. Almost done.

• Open the CA MMC snap-in.
• Expand the server name.
• Right-click the pending certificate request that was submitted. Select All Tasks, and click Issue.
• Now that the cert has been issued you can select and download the certificate from your CertSrv webpage. Just follow the prompts.

Now we simply have to setup IIS to use the certificate and we are away.

• Expand the server name in Internet Services Manager.
• Right-click the Web site for which the certificate request was created. Click Properties.
• Click the Directory Security tab. Click Server Certificate. Click Next.
• Select Process the pending request and install the certificate. Click Next.
• Type the location where you saved the certificate. Click Next twice.
• Click Finish.

All Done

That’s all there is to it. Now when users connect to https://mysecurewebsite.com, their traffic will be encrypted. A very simple and very effective at keeping your website traffic secure.

If you are now addicted to certiifcates take a look at Two Factor Authentication methods that will beef up your password protection.