August 29, 2008 11:06pm pdt

1. meverest 309,474
2. tedbilly 161,814
3. Dave_Dietz 125,396
4. RubalJ 104,888
5. Abs_jaipur 49,055
6. TechSoEasy 46,150
7. pcsmitpra 37,841
8. hielo 37,150
9. LeeDerby... 36,828
10. tigermatt 36,625
11. Chris-Dent 36,350
12. RobWill 32,525
13. cj_1969 31,080
14. Robbie_L... 29,060
15. Sembee 28,152
16. harperse 27,720
17. kieran_b 27,095
18. zephyr_hex 25,880
19. b0lsc0tt 23,350
20. mihapi 22,150
21. LegendZM 21,325
22. Redwulf... 21,250
23. feptias 17,975
24. pcfreaker 16,000
25. cs97jjm3 15,930

1. Dave_Dietz 1,526,774
2. meverest 1,424,166
3. tedbilly 250,382
4. humeniuk 243,743
5. Sembee 201,472
6. Chris-Dent 167,967
7. dnojcd 166,736
8. DireOrbAnt 155,014
9. alimu 147,067
10. AndresM 142,147
11. harperse 137,888
12. TechSoEasy 130,744
13. Silvers5 118,933
14. RubalJ 105,388
15. cj_1969 100,019
16. fz2hqs 98,692
17. Wadski 94,195
18. amit_g 86,791
19. shambhus... 73,800
20. bigbillydot... 73,647
21. Tacobell777 72,581
22. Abs_jaipur 67,680
23. adilkhan 66,148
24. pcsmitpra 65,709
25. LeeDerby... 65,503

06.11.2008 at 12:36PM PDT, ID: 23477137

	[x] Attachment Details

Basic IIS + SSL Questions

Asked by jedifenner in Microsoft IIS Web Server

Tags: microsoft, iis, 6, SSL

Hello experts,

I am trying to get a better understanding of how IIS + SSL work together from an implementation standpoint. Please answer my questions (brief/basic answers preferred) and you will have my undying gratitude! :-)

1. In regards to the CSR wizard, I am prompted for the Bit Length. I have read conflicting reports that this is or is not directly tied to the actual certificate that is generated (for example: Verisign). As far as I know, this is only used to for the certificate registration process, and that only the web server and the Certificate Authority (CA) is concerned about this length for sharing the registration info. Afterward, the SSL can have any encyption bit lenght (such as 128 or 256). Is that correct?

2. I am pretty confused by Verisign's FAQ section, as it lists that there are 3 different keys used in the SSL process. (http://www.verisign.com/cus/srv/faq/512/index.html#128) Please tell me if I understand this correctly:
- the first key pair is used only for the registration process between the web server and CA
- The next key pair is used between the web server and the certificate (this point confuses me)
- The final key pair is used for creating a session between the browser and the web server
To point 2, does this only mean that when the web browser gets its certificate from a CA, it confirms that it is valid using a key pair so some type? Any help you can provide on that one would be appreciated.

3. If I purchase a 256bit certificate (ie from Verisign), this should not cause my customers any issues connecting because most relatively current browsers will negotiate up to the 256bit level for encyption (agreeing upon the highest level that the web server and client support), correct? Please note, that I do not have any global customers, only US.

4. Will running the CSR wizard remove the current certificate? The reason I ask, I find it extremely inconvenient that running the certificate wizard to generate a CSR (for moving to another CA provider)effectively removes the currently installed cert. If this is true, can I generate a CSR on another IIS server for the www site and then transfer it over to the production server? I see the wizard has a copy/move a certificate option. Start Free Trial

Keywords: Basic IIS + SSL Questions

	Title
1	Renewing SSL certificates
2	OWA SSL Cert
3	SSL Certificate for Exchange Server 2…
4	What type of SSL cert do I need for SS…
5	Renewal of SSL Certificate in IIS
6	Questions about SSL certificate conce…

Loading Advertisement...

20080716-EE-VQP-32 / EE_QW_2_20070628

Basic IIS + SSL Questions

Asked by jedifenner in Microsoft IIS Web Server

Tags: microsoft, iis, 6, SSL

About this solution