Implementing a PKI, Part II: Configuring IIS 6.0 - Configure the Website to Require a Client Certificate
(Page 5 of 5 )
As I stated at the beginning of the article, the goal is to secure the communication between the Web server and its clients. To do this we will configure the website to require SSL and a client certificate, so that the server not only encrypts the session but also refuses any client that cannot present a certificate issued by a CA it trusts:
- Go Start->Administrative Tools->IIS Manager.
- In the left pane, click your server and then click Web Sites. Click on Default Web Site and right click on it. Click Properties.
- In the Default Web Site Properties dialog box, click the Directory Security tab.
- On the Directory Security tab, click the Edit button in the Secure communications frame.
- Place a checkmark in the Require secure channel (SSL) checkbox and put a checkmark in the Require 128-bit encryption checkbox; the second one makes IIS reject connections that negotiate a weaker cipher suite. The options in the Client certificates frame are only enabled once Require secure channel (SSL) is checked. Select the Require client certificates option in the Client certificates frame (Accept client certificates would merely allow a certificate without demanding one, which gives no authentication at all). Click OK in the Secure Communications dialog box.
- Click Apply and then click OK in the Default Web Site Properties dialog box.
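The dialog above writes its settings into the metabase as the AccessSSLFlags property of the site. Since a site that was never touched, or one on which an administrator picked Accept instead of Require, looks identical in the browser until someone tests it, it is worth auditing the metabase after the click-through. The following script is an added example and not part of the original article: it parses a MetaBase.xml export (IIS 6.0 stores flag properties as symbolic names joined by " | ", and child nodes inherit the property from their parent), resolves inheritance, and reports every site or virtual directory that does not enforce what the steps above configure. The bit values are the documented IIS 6.0 metabase constants; the XML snippet is constructed for the example and the site names in it are invented.

```python
"""Audit AccessSSLFlags in an IIS 6.0 MetaBase.xml export.

Added example, not code from the original article. Reads a MetaBase.xml
fragment (constructed below), resolves metabase inheritance by Location
path, and reports nodes that do not require SSL, 128-bit encryption and
a client certificate.
"""
import xml.etree.ElementTree as ET

# Documented IIS 6.0 metabase bit values for the AccessSSLFlags property.
ACCESS_SSL = 8
ACCESS_SSL_NEGOTIATE_CERT = 32
ACCESS_SSL_REQUIRE_CERT = 64
ACCESS_SSL_MAP_CERT = 128
ACCESS_SSL_128 = 256

# Symbolic names as they appear in MetaBase.xml.
FLAG_NAMES = {
    "AccessSSL": ACCESS_SSL,
    "AccessSSLNegotiateCert": ACCESS_SSL_NEGOTIATE_CERT,
    "AccessSSLRequireCert": ACCESS_SSL_REQUIRE_CERT,
    "AccessSSLMapCert": ACCESS_SSL_MAP_CERT,
    "AccessSSL128": ACCESS_SSL_128,
}

# What the Secure Communications dialog writes for the article's settings:
# the UI sets NegotiateCert together with RequireCert.
REQUIRED = (ACCESS_SSL | ACCESS_SSL_128 |
            ACCESS_SSL_NEGOTIATE_CERT | ACCESS_SSL_REQUIRE_CERT)  # 360

# Constructed sample export; the sites and their names are invented.
SAMPLE_METABASE = r"""<?xml version="1.0"?>
<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
<IIsWebServer Location="/LM/W3SVC/1" ServerComment="Default Web Site"
    AccessSSLFlags="AccessSSL | AccessSSL128 | AccessSSLNegotiateCert | AccessSSLRequireCert" />
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT" Path="c:\inetpub\wwwroot" />
<IIsWebServer Location="/LM/W3SVC/2" ServerComment="Intranet"
    AccessSSLFlags="AccessSSL | AccessSSLNegotiateCert" />
<IIsWebServer Location="/LM/W3SVC/3" ServerComment="Legacy" />
</MBProperty>
</configuration>
"""


def parse_flags(text):
    """Turn 'AccessSSL | AccessSSL128' into an integer bitmask (empty -> 0)."""
    value = 0
    for name in (text or "").split("|"):
        name = name.strip()
        if not name:
            continue
        if name not in FLAG_NAMES:
            raise ValueError("unknown AccessSSLFlags name: %s" % name)
        value |= FLAG_NAMES[name]
    return value


def effective_flags(explicit, location):
    """Resolve inheritance: use the nearest ancestor-or-self with an explicit value."""
    path = location
    while True:
        if path in explicit:
            return explicit[path]
        if "/" not in path.strip("/"):
            return 0  # reached the metabase root: nothing set anywhere
        path = path.rsplit("/", 1)[0]


def audit_flags(flags):
    """Return the findings for one node's effective AccessSSLFlags bitmask."""
    findings = []
    if not flags & ACCESS_SSL:
        findings.append("SSL not required: plaintext HTTP is accepted")
    elif not flags & ACCESS_SSL_128:
        findings.append("128-bit encryption not required")
    if not flags & ACCESS_SSL_REQUIRE_CERT:
        if flags & ACCESS_SSL_NEGOTIATE_CERT:
            findings.append("client certificates are accepted but not required")
        else:
            findings.append("client certificates are ignored")
    return findings


def audit_metabase(xml_text):
    """Map every IIsWebServer / IIsWebVirtualDir Location to its findings."""
    root = ET.fromstring(xml_text)
    nodes = [n for n in root.iter()
             if n.tag.split("}")[-1] in ("IIsWebServer", "IIsWebVirtualDir")]
    explicit = {n.get("Location"): parse_flags(n.get("AccessSSLFlags"))
                for n in nodes if n.get("AccessSSLFlags") is not None}
    return {n.get("Location"): audit_flags(effective_flags(explicit, n.get("Location")))
            for n in nodes}


if __name__ == "__main__":
    for location, findings in audit_metabase(SAMPLE_METABASE).items():
        print(location, "OK" if not findings else "; ".join(findings))
```

Run it against the real file (by default %SystemRoot%\system32\inetsrv\MetaBase.xml, or an export made with iiscnfg.vbs) instead of the constructed sample. A node that passes still only proves that IIS will demand some certificate from a trusted CA; which CA is trusted and how the certificate maps to a user are separate settings.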
Request a Client Certificate through the Web Enrollment Site
During the SSL handshake the user's browser must present a client certificate that chains to a CA the Web server trusts; if it does not, IIS rejects the request with HTTP 403.7 (client certificate required) or 403.16 (certificate untrusted or invalid) before any other credentials are considered. Users can request a client certificate from the Web enrollment site in the same way as I described in section (d). Also, don't forget to install the CA's certificate as I described in section (e): the browser needs it to trust the server's certificate, and the Web server needs it to accept the client's. Note that Require client certificates on its own only proves that the client holds a valid certificate from a trusted CA; it does not tie that certificate to a Windows account unless you also enable client certificate mapping in the same dialog.
Conclusion
Describing the process of implementing a PKI has reminded me that it is not a simple task. You must have the patience to sit down and configure all the necessary settings to enable the correct operation of your Certification Authority. After all, it is meaningless to go through all this trouble and then forget to require, for example, client authentication.
I have to admit that I lost my patience a couple of times when I was implementing and configuring the CA entity, but as you can see I’m still here. Anyway, I hope I gave you a good starting point on this, and if you need any further information I will be happy to provide you with it.
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.