Get a glimpse inside Roberta Bragg's book "Hardening Windows Systems" with this series of book excerpts. Below is an excerpt from Chapter 11, "Harden Communications." Click for the complete book excerpt series or purchase the book.
Using SSL to protect Web-based communications requires the use of certificates. Certificates are used to provide server authentication, proving the Web server's identity to the client browser or application. They are also used for secure exchange of secure keys to be used for encrypting communications between client and server. This is the basis for the secure exchange of data for e-commerce and other sensitive Web communications.
Client authentication can also be required and is discussed in Chapter 12.
Server-side use of SSL is configured in this way:
1. Use the IIS Administration tools to create a certificate request.
2. Forward the request to a public or private certification authority (CA)
3. Install the returned certificate on the Web server.
4. Configure site requirements for SSL authentication.
To download the complete 'Harden Communications' chapter, click for the .pdf.
Click here to return to the SearchWindowsSecurity.com Book Excerpts Library.
This was first published in March 2005