The following instructions describe how to access the TASKE web application using a https:// web address. The method involves requesting a web site certificate from a certificate authority (internal or external) and applying the certificate to the TASKE web server computer.
You can obtain a Web site certificate using one of two methods:
- Make a request to an online Certificate Authority (CA) You can make an online request to an enterprise CA if the site is a member of the same domain as the CA. The Certificate Request Wizard will automatically send the request to the online enterprise CA and the enterprise CA will immediately issue the certificate.
- Make an offline request
If you do not have an enterprise CA, you can use an offline request. You need to use an offline request if the server requesting the certificate does not belong to the same domain as an enterprise CA or does not trust that domain, if you are using a standalone CA, or if you obtain a certificate from a commercial third party certificate provider.
- Prepare the TASKE web server computer
- Ensure the computer name does not include any non-standard characters such as punctuation marks.
- If TASKE will be accessed outside as well as inside the corporate firewall the fully qualified name that clients use to access the web site will need to be the same inside and outside the firewall.
- Use the Web Server Certificate Wizard to request a certificate
for your web server
- In the Internet Information Service (IIS) Manager console, right click the Default Web Site node and choose Properties. Note that the TASKE web application should appear as a sub-node of the Default Web Site.
- Select the Directory Security tab, click the Server Certificate button. This will launch the Web Server Certificate Wizard.
- In this wizard, choose Create a new certificate
- If your organization has an enterprise CA, choose Send the request immediately to an online certification authority. The Prepare the request now, but send it later option creates a text file that you can submit to any CA and obtain a certificate. You must then manually install the certificate after you receive it.
- Type a friendly name for your certificate which is simply a descriptive name for the certificate and does not affect functionality. The default value of 1024 for bit length is reasonably secure.
- Type your Organization and Organizational unit information, typically your corporation’s legal name and department name.
- Type your site’s Common name. It is very important that this name is the fully qualified name of the web site and it cannot be changed once the certificate is requested. This name is the name the clients will use to access the web site.
- Complete the geographical information.
- If in step d you chose to send the request immediately, then your enterprise CA should appear in the drop list. Complete the wizard.
Otherwise, type a name for the text file which you will send to a CA to obtain your certificate. Complete the wizard. Once you receive your certificate, restart the certificate wizard but choose Process the pending request and install the certificate and complete the wizard by uploading your certificate file.
- On the Directory Security tab, click the Edit button in the Secure Communications group box.
- Enable Require Secure Channel (SSL). For added security, enable Require 128-bit Encryption.