SSL and TLS
What's in this chapter?
- Securing a website with SSL/TLS
- Securing an SMTP virtual server with TLS
- Securing an FTP site with TLS
When looking at a strategy to secure your application server infrastructure, it is important to examine several discrete elements:
- Secure the actual server that the application is running on.
- Ensure that only permitted users of the application are able to access the allowed functionality (and that all other users, including malicious attackers, are denied access).
- Ensure that your users know that they are connecting to the correct server, and, if required, secure traffic between the client and server.
Chapters 13 and 14 discuss many of the security options available with IIS 8.0. This chapter addresses security between the client and the server. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are industry-standard technologies for authenticating machines (or users) and for encrypting traffic between two devices.
IIS 8.0 introduces three new features to help administrators manage and scale TLS-protected websites:
- A central certificate store that can be used by multiple IIS 8.0 servers
- Support for Server Name Indication (SNI), which allows multiple, disparate websites to be supported on a single IP address
- A new certificate store (Web Hosting) where IIS loads certificates “on demand,” allowing a greater density of TLS-enabled hosts on a single server