Secure a Website With an SSL/TLS Certificate
This IT Pro Challenges virtual lab teaches learners how to enable HTTPS for a website and acquire trusted client PKI certificates. Learners will learn how to configure HTTPS binding and client certificates to secure a website. Skills learned in this lab are valuable in multiple job roles such as system administrator and SOC Analyst.
When a machine connects to a website, the interaction begins between the web browser and the web server. This information is not secured. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic security rules. They are utilized to make sure that network connection is reliable. Their main intentions are to implement data integrity and communication secrecy.
In this hands-on lab, you will learn how to secure a website with an SSL/TLS certificate. First, you will configure an HTTPS port 443 binding for the website. Next, you will configure the website to require client certificates before allowing access to the website. The other guided and advanced challenges in this series are “Web Site SSL/TLS Enablement” and “Can You Use PKI To Secure a Network Environment?” respectively.
Understand the Scenario
In this virtual lab, you are a system administrator for a company that uses Microsoft Windows Server 2016. You have web servers and a private enterprise root certificate authority (CA). Your job is to secure website traffic by using HTTPS. You will use a virtual machine named DC1-CA that runs Microsoft Windows Server 2016. DC1-CA is configured as a domain controller for an Active Directory domain named Contoso. You will use a client computer named Client1 that runs Windows 10. You will connect to the virtual machine console directly in the lab environment.
Acquire a web server certificate
An SSL certificate is a file that includes information about the identification of the web server. It also includes the encryption method to apply when building a secure way. In this section of the lab, you will learn how to acquire a web certificate. First, you will create a custom web server certificate template named Custom Web Server and configure the template to populate the certificate subject name by using the Active Directory DNS computer name. Next, you will acquire the web server certificate, and then specify a friendly name of Web Server 1. Finally, you will check and verify that the Custom Web Server template is used to issue a web server certificate.
Configure a web server HTTPS binding
HTTPS is a secure communication that is utilized to transfer information between a client computer and a server. It utilizes a Secure Sockets Layer (SSL). A website binding is the incorporation of an IP address, a port, and a host header. Website bindings utilize the HTTP or HTTPS protocols. To allow SSL in IIS, you must first get a certificate that is utilized to encrypt and decrypt the data that is carried over the network. IIS holds its certificate call tool that you can apply to transfer a certificate request to a certification authority. This tool analyzes the method of getting a certificate. In this section of the lab, you will configure a web server https binding. You will add an HTTPS binding and then configure the binding to use the Web Server 1 certificate on the web server.
Configure the web server to require client certificates
IIS is one of the most important web servers from Microsoft that is utilized to host the Web application. IIS has its Process Engine to manage the request. So, when a request arrives from client to server, IIS accepts that request and treats it and transfers the response back to clients. In this section of the lab, you will configure the web server to require client certificates. Learners will configure the IIS Default Website to require client certificates and check that IIS requires client certificates for SSL connectivity.
Acquire a client certificate
In this section of the lab, you will learn how to acquire a client certificate. First, you will sign in to Client1 as Administrator. Next, you will acquire a user certificate by using the User certificate template and connect to https://dc1.contoso.com using the Microsoft Edge web browser. Finally, you will check your work and confirm that the web browser client connects successfully to https://dc1.contoso.com.
Lab Summary Conclusion
After completing the “Secure a Website With an SSL/TLS Certificate” virtual lab, you will have accomplished the following:
- Configured an HTTPS binding requiring that client certificates.
- Acquired a client certificate and successfully connect to the IIS web server using HTTPS.