The system and software requirements for using SSL under the Windows operating environment are:
A computer that runs Windows 2000 (or later).
Depending on your configuration, it might be useful to have access to the Internet and a Web browser such as Netscape Navigator or Internet Explorer.
The TCP/IP communications access method.
Microsoft Certificate Services add-on software.
The Microsoft Certificate Authority application (which is accessible from your Web browser) if you will run your own CA.
In order for a SAS/CONNECT client session to connect to a SAS/CONNECT server session via a Windows spawner using SSL encryption, ensure that the client session runs on a machine that has a Trusted CA Certificate.
The Windows spawner must run on a machine that has a Trusted CA Certificate and a Personal Certificate.
Knowledge of your site's security policy, practices, and technology. The properties of the digital certificates that you request will depend on the security policies that have been adopted at your site.
Complete information about configuring your Windows operating environment for SSL is contained in the Windows installation documentation and at www.microsoft.com.
The following keywords might be helpful when searching the Microsoft Web site:
digital certificate services
digital certificate authority
digital certificate request
site security planning.
The process for generating digital certificates under the Windows operating environment follows :
The user requests a digital certificate from a certificate authority (CA).
The CA issues a digital certificate.
The digital certificate is installed in a certificate store.
The tasks that you perform depend on the CA that you use:
See 'Generating Digital Certificates Issued by Microsoft Certificate Authority' on page 608
See 'Generating Digital Certificates Issued by a Certificate Authority That Is Not Microsoft' on page 609.
The following tasks are performed to generate digital certificates issued by the Microsoft Certificate Authority:
If you are running your own CA, the system administrator uses Microsoft Certificate Services to create an active Certificate Authority (CA).
The user
uses the Certificate Request wizard to request a digital certificate from an active enterprise CA. The Certificate Request wizard lists all digital certificate types that the user or computer is eligible to obtain.
selects a digital certificate type
specifies security options
submits the request to an active CA that is configured to issue the digital certificate.
After the CA issues the requested digital certificate, the digital certificate is automatically installed in the Certificate Store. (See Display A3.1 on page 608 for an example.)
Figure A3.1: Digital Certificate Installation in the Certificate Store
The following tasks are performed to generate digital certificates that are not issued by the Microsoft Certificate Authority:
the user requests a digital certificate from a CA and the digital certificate is issued.
the user imports digital certificates to a Certificate Store by using the Certificate Manager Import Wizard application from a Web browser. The digital certificates can be generated by using the Certificate Request wizard or any third-party application that generates digital certificates.
Note: The Windows operating environment can import digital certificates that were generated in the UNIX operating environment. If you want to convert from PEM format (UNIX) to DER format (Windows) before importing, see 'Converting between PEM and DER File Formats' on page 611.
Digital certificates that were issued by a third-party application can be imported to an appropriate Certificate Store, as follows:
Certificate Type | Certificate Storage Location |
---|---|
Client | Personal Certificate Store |
Server | Personal Certificate Store |
CA (self-signed) | Trusted Root Certification Authorities |
Perform the following tasks to import a digital certificate to a Certificate Store:
Access the Certificate Manager Import Wizard application from your Web browser. From the Tools pull-down menu, select
Tools - > Internet Options - > Content tab - > Certificates button
Select the Personal tab in the Certificates window and specify which files you want to import to a Certificate Store. (See Display A3.2 on page 610)
Figure A3.2: Digital Certificate Selections for a Personal Certificate Store
Click Import and follow the instructions to import digital certificates.
Repeat this task in order to import the necessary digital certificates for the CA, the server, and the client, as appropriate.
After you have completed the selections for your personal Certificate Store, select the appropriate tab to view your selections.
To view the details about a digital certificate, select the digital certificate and click View. The results are shown in Display A3.3 on page 610.
Figure A3.3: Digital Certificate Details Tab