Creating a Certificate Trust List on Your Server

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

You can use the Certificate Trust List Wizard to create certificate trust lists (CTLs) and to add new root certificates to your CTLs. By default, IIS installs the most commonly used CA root certificates.

Important

You must be a member of the Administrators group on the local computer to perform the following procedure. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type:

    runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc"

Procedures

To create a certificate trust list on your server

  1. In IIS Manager, expand the local computer, and then expand the Web Sites folder.

    Note

    CTLs can be applied only at the Web site level, not at the virtual directory or file level. CTLs are not available on FTP sites.

  2. Right-click the Web site that you want, and then click Properties.

  3. On the Directory Security tab, under Secure Communications, click Edit.

    Note

    The Edit button is enabled only if a server certificate has been installed on the site. For information about obtaining and installing a server certificate, see Obtaining Server Certificates and Installing Server Certificates.

  4. In the Secure Communications box, select the Enable certificate trust list check box, and then click New.

  5. Follow the steps in the Certificate Trust List Wizard, which will guide you through the process of creating a CTL.