Viewing Certificate Details
The contents of a server certificate include several details and
properties. To view this information, double-click an item in the
Server Certificates list for a Web server. The Certificate dialog box,
shown in Figure 15,
provides information about the server certificate. The General tab
displays details about the issuer of the certificate. For
Internet-based certificates, this will be the name of the trusted third
party that issued it. Additionally, certificates have a range of valid
dates.
The Details tab displays additional properties of the certificate,
including the encryption method. The Certification Path tab shows the
entire trust hierarchy for the certificate. In environments that have
multiple levels of CAs, this is useful for tracking all the trust
relationships that are used. For the certificate to be considered
valid, all the levels must be trusted.
Web users are also able to view security certificate details. This is
useful for validating the identity of a Web server or organization. In
Internet Explorer, users can right-click a Web page and select
Properties. The General tab shows a button for viewing the
certificate’s status and other details. (See Figure 16.)
Importing and Exporting Certificates
Once a certificate has been installed on a Web server, you might need to
export it to a file. You can do this using IIS Manager by
right-clicking the certificate and choosing the Export
command. You can then provide an export location and file name for the
file along with a password to protect the certificate from being
installed by unauthorized users. (See Figure 17.)
By default, exported certificate files use the .pfx extension. However,
you can use any other extension. The contents of the exported
certificate are encrypted and protected with the password you provide.
To import a certificate, click the Import
command in the Actions pane. You will be prompted to provide the file
system location of the exported certificate file along with the
password to open it. Additionally, you can choose whether you want to allow the certificate to be exported in the future.
Enabling Secure Sockets Layer
Once you have added a server certificate to an IIS Web server, you can
enable connections that use SSL. SSL-based connections rely on
certificates to validate the identity of the Web server. Once the
identity has been proven, users can create a secure connection using
the HTTP Secure (HTTPS) protocol. By default, HTTPS connections use TCP
port 443 for communications. To modify these details or to enable HTTPS
for a Web site, you must configure the site bindings for that Web site.
You can also require SSL-enabled connections for specific Web sites by
using IIS Manager. To do this, select a Web site, a Web application, or
a folder, and then click SSL Settings in the Features view. Figure 18
shows the available options. The check boxes enable you to specify
whether SSL is required to access this content. If the option is
enabled, standard HTTP connections will not be accepted. Optionally, you
can specify whether client certificates will be ignored, accepted, or
required.
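The binding and SSL Settings steps above can also be scripted. The following PowerShell is an added example, not part of the original text; it assumes the WebAdministration module, a site named Default Web Site, and a placeholder certificate thumbprint that you replace with your own.

```powershell
# Added example. Assumes an elevated session with the WebAdministration module available.
Import-Module WebAdministration

$siteName       = 'Default Web Site'     # assumption: name of the site to secure
$thumbprint     = '<CERT-THUMBPRINT>'    # placeholder: thumbprint of the installed server certificate
$clientCertMode = 'Ignore'               # Ignore | Accept | Require

# The certificate must be in the LocalMachine\My store, hold its private key,
# and be inside its range of valid dates before it is bound to the site.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
$now  = Get-Date
if (-not $cert.HasPrivateKey) { throw "Certificate $thumbprint has no private key." }
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $thumbprint is outside its valid dates."
}

# Add the HTTPS binding on TCP port 443 only if the site does not already have one,
# then attach the certificate to the new binding.
if (-not (Get-WebBinding -Name $siteName -Protocol 'https' -Port 443)) {
    New-WebBinding -Name $siteName -Protocol 'https' -Port 443 -IPAddress '*'
    (Get-WebBinding -Name $siteName -Protocol 'https' -Port 443).AddSslCertificate($thumbprint, 'My')
}

# Map the three client-certificate choices in SSL Settings to sslFlags values.
$sslFlags = switch ($clientCertMode) {
    'Ignore'  { 'Ssl' }
    'Accept'  { 'Ssl,SslNegotiateCert' }
    'Require' { 'Ssl,SslNegotiateCert,SslRequireCert' }
    default   { throw "Unknown client certificate mode: $clientCertMode" }
}

# The access section is locked at server level by default, so the value is written
# to applicationHost.config under a location tag for the site.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $siteName `
    -Filter 'system.webServer/security/access' -Name 'sslFlags' -Value $sslFlags

# Read the setting back to confirm that plain HTTP requests will now be refused.
Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $siteName `
    -Filter 'system.webServer/security/access' -Name 'sslFlags'
```

If the site already has an HTTPS binding on port 443, the script leaves its certificate unchanged and only updates the SSL requirement.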
Overall, server certificates and SSL provide a standard method of protecting
Web-based connections and Web server content. Support for server
certificates and SSL is often expected for all types of Web servers
that contain sensitive information.