Configuring CCF to Use HTTPS (SSL) on IIS 6.0
The operation of CCF depends on interaction with Web services. A typical CCF environment is built on servers, clients, and networks, all of which are secure. You can use SSL to add another level of security to the Web sites.
Note
To use SSL successfully, the solutions integrator (SI) must obtain a valid server certificate signed by a trusted root authority.
If obtaining a certificate is not feasible, you can use a certificate self-test tool called selfssl.exe. This tool is part of the IIS 6.0 Resource Kit available from Microsoft. You can use this tool to generate a self-signed, trusted certificate. The tool has its own command line.
To start the self-test tool
- On the Start menu, click All Programs, and then click IIS Resources.
- Type the following:
selfssl /T /N:CN=CCFIIS /k:2048 /v:9999 /s:3 /p: 8443
Where:
- /T – adds the self-signed certificate to the Trusted Certificates list. This tells the local browser to trust the self-signed certificate
- /N:CN*<IisServer>*= – specifies the common name of the certificate. If you do not specify a common name, then the tool uses the computer name. In the example, the machine name is CCFIIS; however, yours should be the machine name for your IIS server.
- **/K:**key size – specifies the key length. The default is 1024.
- /V: – specifies the number of days that the certificate will be valid. The default is 7.
- **/S:**site id – specifies the ID of the site. The default is 1.
- **/P:**port – specifies the SSL port. The default is 443.
- /Q – specifies quiet mode. If you specify quiet mode, you will not be prompted when SSL settings are overwritten.
Note
For security reasons, do not use of self-signed certificates for any purpose other than testing or development.
See Also
Using Selfssl.exe to Generate a Certificate
Using the Certificates MMC Snap-in
Configuring Secure CCF Client Applications
Configuring Secure Web Services