SSL on IIS
Posted on 2006-05-20
Can someone give me an overview of SSL on IIS? I have a pretty good understanding of how to do everything below on Linux, but I need to do this on IIS for reasons I won't bore you with. I need the following:
1. I want to force SSL on users. No HTTP access -- HTTPS only for this site. Other sites on that server should be unaffected.
2. Install a certificate. I've done this a few times on IIS, but I need to understand the details here -- can I issue a certificate myself? Can Windows act as a certificate server? If so, what are the issues here? Will users get that silly warning saying the issuing body isn't trusted? If I have to cough up the cash for a commercial certificate, I will.
3. Force timeouts. If users are inactive for a certain period of time, I want them forced back to the login page.
4. Enforce logins. I want any attempt to circumvent the login page by going directly to a link to land the user at the login page.
I'm pretty sure IIS can do all this, but I don't know how. I've made this worth 500 points because there are several questions on this topic.
Thanks in advance,