Installing an SSL Certificate
The operation of CCF is dependent upon interaction with Web services. A typical CCF environment is built around servers, clients, and networks, all of which are secure. You can add another level of security to Web sites themselves with SSL.
Note
To use SSL successfully, the SI will need to obtain a valid server certificate, which must be signed by a trusted root authority.
If obtaining a certificate is not feasible, you may use a certificate self-test tool called selfssl.exe. This tool is part of the IIS 6.0 Resource Kit available from Microsoft. You can use this tool to generate a self-signed, trusted certificate. The tool uses its own command line and is available in Start -> All Programs -> IIS Resources. The syntax is:
selfssl /T /N:CN=CCFIIS /v:9999
- /T - adds the self-signed certificate to the Trusted Certificates list. This will tell the local browser to trust the self-signed certificate
- /N:CN= - Specifies the common name of the certificate. If you do not specify the certificate name, the script uses the computer name. In the example given, the machine name is CCFIIS, yours may be different.
- /K: key size - Specifies the key length. Default is 1024.
- /V: - specifies the length of the validity, in days, of the certificate. Default is 7 days.
- /S:site id - specifies the id of the site. Default is 1 (Default Site).
- /P: port - specifies the SSL port. Default is 443.
- /Q - quiet mode – The script does not prompt you when SSL settings are overwritten.
In the example CCFIIS is the IIS server name. Use the name of the machine in your particular instance.
Note
For security reasons, the use of self-signed certificates is not recommended for any purpose other than testing or development.