The Web Site SSL/TLS Enablement challenge familiarizes learners new to setting up certificates using Public Key Infrastructure (PKI) certificates and securing web communications. PKI certificates encrypt network transmissions through a Secure Socket Layer (SSL) and Transport Layer Security (TLS). Both protocols ensure the integrity of network communications between applications and machines.
Upon completion of this 45-minute guide lab, containing goals, objectives, and hints throughout, learners create, customize, and secure information transferred over the web. A web server, with a PKI certificate, enables web sites to utilize https, a secure web protocol.
Learners find some basic understanding of server tools such as the Microsoft Management Console (MMC) and the Internet Information Services (IIS) helpful before starting the lab. Users who know how to use the Certificate Template Console, through the server tools, have a leg up in completing this lab. The more advanced user gains additional learning benefits by figuring out the lab utilizing as little of the hints as possible.
Configure a Custom Web Server PKI Certificate Template:
Learners use the Certificate Template Console to create a new PKI template from the server tool. Through the certification configuration process, the server or centralized authority (CA) sets policies and rules for certificate requests and usage. Duplicating a web certificate keeps existing standards in encrypting the public and private keys and in decrypting the private key. Instead of assigning permitting PKI certificates machine by machine, the Certificate Template Console authenticates a set of users in a particular domain. After issuing a valid certificate template to those who have permission, the certificate owners can verify the identity of the CA, the public key for the CA, and the private key that the certificate owner uses to identify its communication.
Acquire a Web Server PKI Certificate:
In the Acquire a Web Server PKI Certificate module, learners add a certificate to a web server using the MMC server tool. First, the user adds the certificate's capability to get the certificate to the MMC. Then the web server requests a certificate by enrolling. Since the web server and the CA are the same machines, the CA grants certification to the web server. If the CA remained private, all devices desiring that web server certificate require a trusted root certificate from the CA. Otherwise, the requesting entities would not authenticate the certificate.
Configure HTTP Binding on a Web Server:
The module teaches how to use Microsoft's Internet Information Services (IIS) to bind a web server certificate to a particular website over a specified port. The end of this section results in secure information transmitted by HTTPS across the website with the certificate. The URL must be the same between the CA and the web server to use the web server certificate. This requirement ensures that the integrity of the web site remains intact for client systems to trust. Learners test that the HTTPS connection has been set up correctly by connecting using the HTTPS URL.
Upon completing this virtual lab, learners know how to make SSL/TSL work through a website bound by the HTTPS protocol. Learners complete three objectives:
- Modifying and configuring a certificate template.
- Obtaining a web server certificate using the template created in the previous section.
- Associating the web server certificate with an IIS web server through HTTPS.
Learners who complete this lab should consider other related challenges.
- GUIDED CHALLENGE: Enable SSL/TLS on a Client
- ADVANCED CHALLENGE: Can You Secure a Website Using an SSL/TLS Certificate?