Configuring SSL on a Web Server or Web Site
Updated: August 22, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
You can configure Secure Sockets Layer (SSL) security features on a Web server or a Web site to verify the integrity of your content, verify the identity of users, and encrypt network transmissions.
|You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".|
In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
Right-click the Web site or file that you want to protect with SSL, and then click Properties.
Under Web site identification click Advanced.
In the Advanced Web site identification box, under Multiple identities for this Web site, verify that the Web site IP address is assigned to port 443, the default port for secure communications, and then click OK. Optionally, to configure more SSL ports for this Web site, click Add under Multiple identities of this Web site, and then click OK.
On the Directory Security or File Security tab, under Secure communications, click Edit.
In the Secure Communications box, select the Require secure channel (SSL) check box.
To enable SSL client certificate authentication and mapping features, select the Enable client certificate mapping check box, click Edit, add the 1-to-1 or many-to-1 mappings you need, and then click OK three times.
|If you set your Web site to require SSL, as in step 6 above, and you have not completed setting up SSL for the site, then users browsing your site will receive this error: "HTTP Error 403.4 - Forbidden: SSL is required to view this resource." To avoid this condition, either complete all the steps in the list above, or go back and clear the Require Secure Channel (SSL) check box (see step 6).|
For information about enabling client certificates, see Enabling Client Certificates in IIS 6.0.
For information about client certificate mapping, see Mapping Client Certificates to User Accounts in IIS 6.0.