Use this dialog box to configure Secure Sockets Layer (SSL) settings for encrypted communication. When a Web browser supporting secure communications connects to a Web site configured to use SSL (URLs starting with https://), a secure connection protects the data being transferred.

A client certificate is a digital identification issued by a trusted, third-party organization, referred to as a certification authority. You can configure your Web server to accept, require, or reject client certificates as a means of establishing a connection with a particular file or directory. Users attempting to access a site with client certificates can be mapped; users without client certificates can use other authentication methods. Client certificate mappings match information contained in a client's certificate against Windows user account information.

A certificate trust list (CTL) is a list of approved certification authorities for a particular Web site.

Require secure channel (SSL)

Select to configure IIS to require an encrypted communication link for a Web browser to connect with this Web site, directory, or file. When this option is selected, all data sent to and from this Web site is encrypted using a certificate.

Require 128 bit encryption

Select to configure IIS to require a 128-bit encrypted communication link for a Web browser to connect with this Web site, directory, or file.

Ignore client certificates

Select to allow users access to this site without being prompted to present a client certificate.

Accept client certificates

Select to allow access for users with client certificates, without requiring the certificate. Users with client certificates can be mapped; users without client certificates can use other authentication methods.

Require client certificates

Select to allow only users with a valid client certificate to connect. Users without a valid client certificate are denied access to this site. Before you can select this option to require client certificates, you must select the Require secure channel (SSL) option.

Enable client certificate mapping

Select to configure your server to authenticate users who log on with a valid client certificate.

Edit

Click to edit or, if no certificate mapping exists, create a client certificate mapping. When a user logs on to your Web site with a certificate, their permissions match those of the user account to which the certificate is mapped.

Enable the Windows directory service mapper

Select to use directory service client-certificate mapping rather than one-to-one or many-to-one mapping. To enable this service, the server must be a member of a Windows Server 2003 domain.

Enable certificate trust lists

Select to edit existing CTLs or create a new one. A CTL is a list of approved certification authorities for a particular Web site and is applicable only at the Web-site level.

Current CTL

Click a CTL for this site from the list box.

New

Click to create a new CTL for this site.

Edit

Click to change the settings of the currently selected CTL in the list box.
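
The options above are stored per site, directory, or file in the IIS metabase property AccessSSLFlags. The following added example (not part of the original help topic) decodes such a value into the dialog's options and reports combinations that contradict the rules described here, such as Require client certificates without Require secure channel (SSL). The node paths and flag values are constructed samples, and the mapping check is an assumption drawn from the option descriptions.

```python
# Added example: audit IIS 6.0 AccessSSLFlags values against this dialog's options.
# Bit values are the IIS metabase AccessSSLFlags constants (not shown on this page).
OPTIONS = [  # (bit, dialog label), in dialog order
    (0x008, "Require secure channel (SSL)"),        # AccessSSL
    (0x100, "Require 128-bit encryption"),          # AccessSSL128
    (0x020, "Accept client certificates"),          # AccessSSLNegotiateCert
    (0x040, "Require client certificates"),         # AccessSSLRequireCert
    (0x080, "Enable client certificate mapping"),   # AccessSSLMapCert
]
SSL, SSL128, NEGOTIATE, REQUIRE, MAP = (bit for bit, _ in OPTIONS)


def decode(flags):
    """Return the dialog options that a flags value switches on."""
    return [label for bit, label in OPTIONS if flags & bit]


def audit(flags):
    """Return findings for one node; an empty list means no issue found."""
    findings = []
    if not flags & SSL:
        findings.append("secure channel not required")
        if flags & REQUIRE:
            findings.append("client certificates required without SSL")
        if flags & SSL128:
            findings.append("128-bit encryption set without SSL")
    # Assumption: mapping has nothing to map when certificates are ignored.
    if flags & MAP and not flags & (NEGOTIATE | REQUIRE):
        findings.append("mapping enabled but client certificates ignored")
    return findings


# Constructed sample: node paths and flag values are illustrative only.
SAMPLE = {
    "W3SVC/1/ROOT": 0x008 | 0x100 | 0x020 | 0x040 | 0x080,
    "W3SVC/1/ROOT/legacy": 0x040 | 0x020,
    "W3SVC/1/ROOT/api": 0x008 | 0x080,
}


def audit_all(nodes):
    """Map each node path to its findings, keeping only nodes with findings."""
    return {path: f for path, f in ((p, audit(v)) for p, v in nodes.items()) if f}


if __name__ == "__main__":
    for path, findings in audit_all(SAMPLE).items():
        print(path, decode(SAMPLE[path]), findings)
```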

Related Topics

To learn more about certificate mapping and certificates, see the IIS 6.0 online documentation on the Microsoft Windows Server TechCenter.