That'll work for an Intranet, but it won't work for an external application because everybody has to register the certificate authority before they can accept it. It's a hassle for everyone involved unless the machines are managed.
+++ Rick ---
>Hi Rick,
>I've used Cert Server certs so I could test HTTPS connections locally without having to give any extra money to people like Verisign. Is this a bad practice? It works with an annoying dialog that says "I don't know who the authenticator is, do you want to continue?". What kind of bugs can I expect if I continue to do this? Thanks.
>
>>Creating your own certificates works only for client side certificates not for secure certs used on a Web server as in HTTPS/SSL.
>>
>>Certificate Server is a piece of crap anyway. The certs it generates are buggy as hell and don't work most of the time.
>>
>>+++ Rick ---
>>
>>>Larry;
>>>
>>>Sorry to bug you again on this topic, but I have searched MSDN and cannot find any mention of creating your own certificates, rather than shelling out the cash to Verisign or whomever. Can you point me to some resource for instructions?
>>>
>>>Since the web site is strictly for my clients, we don't feel we need more than a home-certified certificate.
>>>
>>>TIA
>>>
>>>>>1) Do I need to install a component into IIS which is not installed by default?
>>>>No. Everything that MS provides for SSL is installed by default.
>>>>
>>>>>2) I am using password access at the welcome screen. After that, do I simply >use the same browsing techniques, except use HTTPS in the address and in the >web page header?
>>>>No. The following is written with IIS 4.0 Internet Service Manager in mind so there may be some slight changes because you are using IIS 5.0.
>>>>
>>>>In order to enable SSL on your server you have to install a secure Certificate. If you have MS Certification Server installed, you can create one of your own. Basically, you are certifying that you are a good guy. While this may be okay for you, your company and probably your family *g*, it usually isn't okay for the rest of the world. You have to get a certificate from some outside trusted source like VeriSign. There are instructions on the MS web site on how to generate a certification key file and then you need to send that to your certifying authority. There is a fee (VeriSign charges about $350 US for basic certification.
>>>>
>>>>Once you have a certificate installed, you need to configure the web site to be secure. Bring up the Properties dialog for the specific web site. Under Directory Security - Secure Communications - Edit, check the "Require Secure Channel when accessing this resource" checkbox. This will force end users to use HTTPS when accessing your site. The IP port for SSL defaults to 443 and most browsers (IE, Netscape) know this and attempt to connect using this port when you specify HTTPS in the URL. If you change it, then you will need to publish this to your clients.
>>>>
>>>>Note: If you don't have any certificates installed on your system, the Secure Communications - Edit button displays an interface that helps in generating a certification request file to send to the certifying authority.
