1. Overview
In this guide you will find out how to test, purchase, install and use a thawte Digital Certificate on your Microsoft Internet Information Services (MS IIS) web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
We will also touch on the role of thawte as a trusted third party and how using a thawte digital certificate can benefit your business by addressing unique online security issues to build customer confidence.
The information in this guide applies to:
Microsoft Internet Information Services version 4.0
Microsoft Internet Information Services version 5.0
Microsoft Internet Information Services version 5.1
Microsoft Internet Information Services version 6.0
2. System Requirements
You must have the latest Service Pack installed for the particular version of MS IIS being used.
Service Pack guideline:
If you are running MS IIS 4.0, you should have Service Pack 6a installed.
If you are running MS IIS 5.0 or MS IIS 5.1, you should have Service Pack 3 installed.
3. Generating your Private Key and Certificate Signing Request (CSR) Pair
Before you can begin the process of obtaining a Certificate, you must generate a Private Key and CSR pair on the web server. This is done through the IIS Management Console, so IIS must be installed before you can generate a Private Key and CSR pair on the web server.
A CSR is basically a Public Key that you generate on your server that validates the computer-specific information about your web server and Organization when you request a Trusted Certificate from thawte.
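The Private Key and CSR pair described above, generated and checked with the OpenSSL command line instead of the IIS Management Console, as an added example that is not part of this guide. It assumes the openssl tool is on the path; the organization details, hostname and file names are constructed placeholders. The signature and Common Name checks can also be run against the text CSR file the IIS wizard writes, which is the same PEM format.

```shell
#!/bin/sh
# Added example (not part of the thawte guide): generate a Private Key and CSR
# pair with OpenSSL and run the checks worth doing before the CSR is submitted.
# Organization, hostname and file names are constructed placeholders.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
KEY="$WORKDIR/iis-key.pem"   # private key: keep secret, never send it to anyone
CSR="$WORKDIR/iis-req.pem"   # certificate signing request: this goes to the CA

# Generate a 2048-bit RSA private key and a CSR carrying the server's subject
# information. The CSR is signed with the new private key, which is how the CA
# knows the requester actually holds the key matching the public key inside.
gen_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$KEY" -out "$CSR" \
        -subj "/C=US/ST=Example State/L=Example City/O=Example Corp/CN=www.example.com" \
        >/dev/null 2>&1
}

# Check 1: the CSR's self-signature verifies with the public key it carries,
# i.e. the file was not truncated or altered when copied out of the wizard.
csr_signature_ok() {
    openssl req -in "$CSR" -noout -verify 2>&1 | grep -q "verify OK"
}

# Check 2: the public key inside the CSR is the one derived from our private
# key. A mismatch here is the usual reason an issued certificate later fails
# to install against the key on the server.
key_matches_csr() {
    csr_pub=$(openssl req -in "$CSR" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$KEY" -pubout -outform DER | openssl dgst -sha256)
    [ "$csr_pub" = "$key_pub" ]
}

# Check 3: the Common Name is the exact hostname visitors will type.
csr_common_name() {
    openssl req -in "$CSR" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

gen_key_and_csr
csr_signature_ok || { echo "CSR signature check FAILED"; exit 1; }
key_matches_csr  || { echo "private key does not match CSR"; exit 1; }
echo "CSR for $(csr_common_name) is ready to submit: $CSR"
```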
Glossary of Terms
Asymmetrical Cryptography
A cryptographic method using a combined public and private key pair to encrypt and decrypt messages. To send an encrypted message, a user encrypts the message with the recipient's public key. Upon receipt, the message is decrypted with the recipient's private key. Using different keys to perform the encryption and decryption functions is known as a trap-door one-way function, that is, the public key is used to encrypt a message but it cannot be used to decrypt the same message. Without knowing the private key, it is practically impossible to reverse this function when modern strong encryption is used.
Certification Authority
A certificate authority (CA) is an organization (such as thawte) that issues and manages security credentials and public keys for message encryption.
Certificate Signing Request (CSR)
A CSR is a Public Key that you generate on your server that validates the computer-specific information about your web server and Organization when you request a Certificate from thawte.
Private Key
A private key is a numeric code used to decrypt messages encrypted with the unique corresponding public key. The integrity of the encryption depends on the private key being kept secret.
Public Key
A public key is a numeric code which enables encryption of messages sent to the holder of the corresponding unique private key. The public key may be freely circulated without compromising encryption, which increases the efficiency and convenience of enabling encrypted communication.
Public Key Infrastructure (PKI)
A method for exchanging information securely within organizations, industries, nations or even worldwide. A PKI uses the asymmetric encryption method for encrypting IDs and documents or messages. (This is also known as the "public/private key" method.)
A PKI starts with a certificate authority (CA) such as thawte, which issues and revokes digital certificates (digital IDs) authenticating the identity of people and organizations over a public system such as the Internet.
Symmetric Cryptography
A cryptographic method where the same key is used for both encryption and decryption. This approach is handicapped by the security risks involved in secure distribution of the key, since it must be communicated to and known by both sender and receiver without being disclosed to third parties.