Get a Certificate for the Test Site

Since we'll be collecting names, addresses, and other personal information on our site, it's a good idea to encrypt the traffic traveling across the Internet. Also, a certificate will prove our identity on the Internet and help people be more at ease that we are indeed a real entity. For the test site, a 'homegrown' certificate will suffice. For the production site, we'll need to get a commercial certificate.

As discussed in Chapter 10, the best practice for having your own CA (Certification Authority) is to make an offline root CA, and then delegate a certificate to a subordinate CA. You can then use the subordinate CA to issue certificates without risk of your entire certification system being compromised. Since this certificate is for a test site that no end users will ever see, and we are using the certificate only for this site, it's simpler to just make a CA and issue a certificate from there. It is still a good idea to issue the CA from another machine. (After all, we're using the test certificate just to make sure we have the code for SSL set up correctly.)

Obtaining and installing the test certificate is a three-step process.

  1. Request the certificate in the IIS MMC.

  2. Grant the certificate request, generate the certificate in the CA MMC, and export the certificate.

  3. Process the request and install the exported certificate back in the IIS MMC.

Here's how to request the test certificate:

  1. Install Certificate Services on another machine.

  2. Open the Properties window for the test web site.

  3. On the Directory Security tab, click Server Certificate.

  4. The Web Server Certificate Wizard pops up. Click Next.

  5. Choose to create a new certificate, and then click Next.

  6. Choose to Prepare The Request Now, But Send It Later, and click Next.

  7. Type in the name for the certificate: beer-brewers.com test site.

  8. Choose the bit length; 1024 should be sufficient.

  9. Click Next.

  10. Type in the organization: beer-brewers.com is fine.

  11. The organization unit is for organizations that have multiple departments or divisions. For our purposes, beer-brewers.com is fine to use here.

  12. Click Next.

  13. The common name is important; it needs to be the DNS name of the site. So for this site we use test.beer-brewers.com.

  14. Click Next.

  15. Select the Country/Region, State/Province, and City/Locality. Remember not to use any abbreviations.

  16. Click Next.

  17. Select the name you wish to use for this certificate request. Remember this name and location; we'll need to find this file in the next section.

  18. Click Next twice.

  19. Click Finish.

Now that we have created a certificate request, we can issue the certificate:

  1. Open the Certification Authority MMC.

  2. Highlight the CA name, and choose Action | All Tasks | Submit New Request.

  3. Browse to the location of the certification request. If it's on a machine that is not accessible over the network, you may need to copy the request to a floppy and take it to the machine.

  4. Highlight the file, and click Open.

  5. Our certification request is now in the Pending Requests folder. Now we need to issue the certificate. Highlight the request in the Pending Requests folder, and choose Action | All Tasks | Issue.

  6. The certificate will then move to the Issued Certificates folder. Now we can export the certificate to send to the web server. Highlight the certificate in the Issued Certificates folder, and choose Action | All Tasks | Export Binary Data.

  7. Choose to export the Binary Certificate, and save the binary data to a file.

  8. Click OK.

  9. Select the name you wish to use for this certificate. Remember this name and location; we'll need to find this file in the next section. It's a good idea to use the .cer extension.

Now that we have a certificate export, we can go back into IIS and process the request for use:

  1. In the IIS MMC, start the Web Server Certificate Wizard for the test site.

  2. Click Next.

  3. Choose to process the pending request, and click Next.

  4. Select the certificate file, and click Next.

  5. Choose the SSL port you will use for this certificate. The default, 443, is fine. Click Next.

  6. Click Next, and then click Finish.

We now have a fully installed certificate for our test site, and we can use this certificate to test our code. When you are finished, make sure that you delete both the request file and the certificate export. If someone were to obtain those files, our certificate could be compromised.
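One way to check the exported certificate before processing the pending request in IIS, as an added PowerShell example that is not from the book. The function name `Test-SiteCertificate` and both file paths are assumptions; it confirms that the common name is the site's DNS name, that the key has the bit length chosen in the wizard, and that the certificate is within its validity period.

```powershell
# Added example, not from the book. Written for Windows PowerShell; the paths
# and the function name are assumptions chosen for illustration.
function Test-SiteCertificate {
    param(
        [string]$CertPath,                 # certificate exported from the CA MMC
        [string]$ExpectedDnsName,          # common name typed into the IIS wizard
        [int]$MinKeyBits = 1024            # bit length chosen in the IIS wizard
    )
    # .NET resolves relative paths against the process directory, so resolve first.
    $fullPath = (Resolve-Path $CertPath).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $fullPath

    # SimpleName returns the CN when the name has one (it falls back to other fields if not).
    $simple    = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $subjectCn = $cert.GetNameInfo($simple, $false)
    $issuerCn  = $cert.GetNameInfo($simple, $true)
    $keyBits   = $cert.PublicKey.Key.KeySize
    $now       = Get-Date

    $problems = @()
    if ($subjectCn -ne $ExpectedDnsName) {
        $problems += "Common name '$subjectCn' is not the site DNS name '$ExpectedDnsName'."
    }
    if ($keyBits -lt $MinKeyBits) {
        $problems += "Key is $keyBits bits; the request asked for at least $MinKeyBits."
    }
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "Certificate is valid only from $($cert.NotBefore) to $($cert.NotAfter)."
    }
    New-Object PSObject -Property @{
        Subject = $subjectCn; Issuer = $issuerCn; KeyBits = $keyBits
        Thumbprint = $cert.Thumbprint; Problems = $problems
    }
}

$cer = 'C:\certs\test-site.cer'    # assumed location of the certificate export
$req = 'C:\certs\certreq.txt'      # assumed location of the request file
if (Test-Path $cer) {
    $result = Test-SiteCertificate -CertPath $cer -ExpectedDnsName 'test.beer-brewers.com'
    $result | Format-List Subject, Issuer, KeyBits, Thumbprint
    $result.Problems | ForEach-Object { Write-Warning $_ }
}
# Once the wizard has installed the certificate, delete both files as advised above:
# Remove-Item -Path $req, $cer
```

The Issuer field should show the name of the test CA, and the thumbprint can be compared with the one shown for the installed certificate.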




IIS 6: The Complete Reference
ISBN: 0072224959
EAN: 2147483647
Year: 2005
Pages: 193
