CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

Certificate Services is a security technology that allows you to verify object identity and provide data security. The Certificate Services component is included in all members of the Windows Server 2003 family of operating systems except Web Edition. If you decide to enable this component, be sure you follow the security guidelines and procedures outlined in this chapter to protect your Certificate Services.
Understanding Certificate Services
Configuring Certificate Services
Securing Certificate Authority Web Enrollment Support
Monitoring Certificate Authority Web Enrollment Access
By the end of this chapter you will understand the role played by certificates, and you will know how to configure Certificate Services and secure and monitor your web enrollment certificate authority (CA).
Certificate Services is not installed by default during IIS 6.0 installation, because the operating system ships in its default locked-down mode. This section covers the basics of certificates and shows how to configure Certificate Services on the IIS server.
Certificate Services is a component included in most of the Windows Server 2003 family, which allows system administrators to make use of digital certificates.
A certificate is a document that has been digitally signed by a certificate authority and contains information that identifies the certificate owner. The certificate is useful when the users of the certificate trust the CA that issued it. Other uses of certificates include enabling Secure Sockets Layer (SSL) to secure data transmission and providing authentication security.
A certificate authority