IIS 6, Windows 2003 Release 2, SSL and certificates

IIS 6 on Windows 2003 release 2 configures the default web site to use SSL.
I can understand why what with the general philosophy of locked down by
default. However, for an intranet, is it okay to turn if off? Otherwise
users get a certificate error. We don't want to specifically pay for a SSL
certificate for each IIS server for internal use. We have thought about
generating our own and distributing it around all the machines but that
seems a bit naff.

Any comments?

Thanks, Rob.

Re: IIS 6, Windows 2003 Release 2, SSL and certificates

Hi Rob,

Some organisations probably need/want SSL even for their intranet. But most
organisations probably do not need it, and can use http. So I would say, if
you cannot find such requirement, you can disabled SSL.

--
Regards,
Kristofer Gafvert
http://www.gafvert.info/iis/ - IIS Related Info


"Rob Nicholson" skrev i meddelandet
news:ui3LSNSLIHA.748@TK2MSFTNGP04.phx.gbl...
> IIS 6 on Windows 2003 release 2 configures the default web site to use
> SSL. I can understand why what with the general philosophy of locked down
> by default. However, for an intranet, is it okay to turn if off? Otherwise
> users get a certificate error. We don't want to specifically pay for a SSL
> certificate for each IIS server for internal use. We have thought about
> generating our own and distributing it around all the machines but that
> seems a bit naff.
>
> Any comments?
>
> Thanks, Rob.
>

Re: IIS 6, Windows 2003 Release 2, SSL and certificates

On Nov 22, 8:18 am, "Rob Nicholson" wrote:
> IIS 6 on Windows 2003 release 2 configures the default web site to use SSL.
> I can understand why what with the general philosophy of locked down by
> default. However, for an intranet, is it okay to turn if off? Otherwise
> users get a certificate error. We don't want to specifically pay for a SSL
> certificate for each IIS server for internal use. We have thought about
> generating our own and distributing it around all the machines but that
> seems a bit naff.
>
> Any comments?
>
> Thanks, Rob.


http://blogs.msdn.com/david.wang/archive/2005/08/02/Free-SSL -on-IIS.aspx

SSL is always free, assuming you can generate and distribute all the
certificates. When you pay for SSL, you are basically paying for the
secured distribution of the certificates, which is a NON-TRIVIAL
problem that is worth paying for.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

RE: IIS 6, Windows 2003 Release 2, SSL and certificates

Hi Rob,

You can make your own certificates being trusted by installing the CA
certificate into client machines' Trusted Root CA certificate store.

For process of setting up HTTPS with own CA server, please refer to the
following link:

How To: Set Up SSL on a Web Server
http://msdn2.microsoft.com/en-us/library/aa302411.aspx

Please update here if you have any further question or concern.

Have a nice weekend.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

==================================================

Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscriptions/managednewsgroups/de fault.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:

http://msdn.microsoft.com/subscriptions/support/default.aspx .

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Re: IIS 6, Windows 2003 Release 2, SSL and certificates

> Some organisations probably need/want SSL even for their intranet. But
> most organisations probably do not need it, and can use http. So I would
> say, if you cannot find such requirement, you can disabled SSL.

Thanks - that's what we've done.

Cheers, Rob.