Secure Sockets Layer (SSL) connections provide secured transactions between the client browser and the server. SSL is often used to secure credit card transactions and other e-commerce functions, but SSL can be used to secure the traffic moving between the client and server in any situation in which the traffic must be secure from tampering or interception.
Setting up a web site for SSL isn’t exactly intuitive, nor does Windows 2000 automate the process with a wizard. It’s mostly a manual process that requires attention to detail to accomplish properly. In addition to obtaining and installing a certificate for the site, you also need to configure various settings in the site to make SSL work.
The first step in configuring a web site to support SSL is obtaining and installing a certificate for the site. If your network includes a Certificate Authority (CA) server configured with Certificate Services (either an enterprise or standalone CA), you can obtain the certificate from that server. Otherwise, you’ll need to obtain a certificate from an outside CA such as Verisign or Thawte. The following steps assume you’re obtaining a new certificate from a local CA and submitting the request through a web browser. Point your web browser to http://www.verisign.com or http://www.thawte.com if you don’t have a local CA.
Open the IIS console, right-click the web site, and choose Properties.
Click the Directory Security tab, ...