This may sound like a dumb question but I'm confused and done a lot of googling so it's time to ask the "experts". I'm configuring IIS7 for SSL and have purchased an SSL certificate with a key length of 2048 bits. I want to accept both SSL and regular http (non-SSL) traffic so I have NOT checked the IIS config box of "require SSL". So far I can accept both encrypted and non-encrypted connections as desired. Also I want to accept both 40 bit and 128 bit client encryption to insure compatibility with older browsers (we're a library). But I can't find any way to enable 40 bit encryption in the IIS configuration. Do I need a separate certificate for 40 bit? I assumed the one SSL certificate would handle all desired encryption strengths but in my one test of an old IE 40 bit only browser, it would not connect. I'm hoping this is just a configuration change in IIS. Thanks.