Larry;

Sorry to bug you again on this topic, but I have searched MSDN and cannot find any mention of creating your own certificates, rather than shelling out the cash to Verisign or whomever. Can you point me to some resource for instructions?

Since the web site is strictly for my clients, we don't feel we need more than a home-certified certificate.

TIA

>>1) Do I need to install a component into IIS which is not installed by default?
>No. Everything that MS provides for SSL is installed by default.
>
>>2) I am using password access at the welcome screen. After that, do I simply >use the same browsing techniques, except use HTTPS in the address and in the >web page header?
>No. The following is written with IIS 4.0 Internet Service Manager in mind so there may be some slight changes because you are using IIS 5.0.
>
>In order to enable SSL on your server you have to install a secure Certificate. If you have MS Certification Server installed, you can create one of your own. Basically, you are certifying that you are a good guy. While this may be okay for you, your company and probably your family *g*, it usually isn't okay for the rest of the world. You have to get a certificate from some outside trusted source like VeriSign. There are instructions on the MS web site on how to generate a certification key file and then you need to send that to your certifying authority. There is a fee (VeriSign charges about $350 US for basic certification.
>
>Once you have a certificate installed, you need to configure the web site to be secure. Bring up the Properties dialog for the specific web site. Under Directory Security - Secure Communications - Edit, check the "Require Secure Channel when accessing this resource" checkbox. This will force end users to use HTTPS when accessing your site. The IP port for SSL defaults to 443 and most browsers (IE, Netscape) know this and attempt to connect using this port when you specify HTTPS in the URL. If you change it, then you will need to publish this to your clients.
>
>Note: If you don't have any certificates installed on your system, the Secure Communications - Edit button displays an interface that helps in generating a certification request file to send to the certifying authority.