Tips for Using Microsoft IIS and IE with WebCA and Certificates

1. After you install IIS 3.0 in NT Server 4.0, reinstall Service Pack (SP) 2 or SP3.

2. Add four WebCA directories­docadm, doccli, cgi-adm, and cgi-cli­to IIS Web directories. Assign read permission to docadm and doccli, and read and execute permissions to cgi-adm and cgi-cli.

3. You can use IE 3.02 as the WebCA administrator's browser, but you must install Microsoft JavaScript 2.0 on the workstation. You can download JavaScript 2.0 from

4. If your IE can't connect to an SSL-enabled Web server, clear the PCT (Private Communications Technology­Microsoft's SSL-like Internet security protocol) setting in View, Options, Advanced, Cryptography Settings.

5. In the server certificate application form, be sure to use the fully qualified name of the IIS server name as the DNS name (e.g., Netscape Navigator gives a warning message when it connects to a server that has a different server name in the server certificate.

6. IIS lets you use SSL at the directory level. Enable SSL over only directories having pages that contain sensitive information. SSL encrypts every item (including graphics) on a page and increases transmission time.

7. To remove a browser certificate for IE 3.x in an NT workstation, delete the certificate file at c:\winnt\profiles\username\personal and delete the Registry entry of the private key name of the certificate at HKEY_CURRENT_USER\Software\Microsoft\Cryptography\Userkeys.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.