Secure HTTP server

The following procedure shows how to issue your own server certificate using Microsoft Certificate Services.
Begin by installing IIS, then proceed as follows.
Step 1: Installing Microsoft Certificate Services
To issue your own server certificate, install a stand-alone root certification authority:
1. Log on to the system as an Administrator, or if you have the Active Directory directory service, log on to the system as a Domain Administrator.
2. Click Start, point to Settings, and then click Control Panel.
3. Double-click Add or Remove Programs and then click Add/Remove Windows Components.
4. In the Windows Components Wizard, select the Certificate Services check box. A dialog box appears to inform you that the computer cannot be renamed and that the computer cannot be joined to or removed from a domain after Certificate Services is installed. Click Yes. Also select the Internet Information Services check box if it was not already selected, and then click Next.
5. Click Stand-alone root CA.
6. (Optional) Select the Use custom settings to generate the key pair and CA certificate check box, and then click Next to specify customized settings. When you are done, click Next.
7. Type the common name of the certification authority. None of this information can be changed after the CA setup is complete.
8. In Validity period, specify the validity duration for the root CA. See the note below about considerations when setting this value. Click Next.
9. Specify the storage locations of the certificate database, the certificate database log, and the shared folder. Click Next.
10. If Internet Information Services (IIS) is running, you will receive a request to stop the service before proceeding with the installation. Click OK.
11. If prompted, type the path to the Certificate Services installation files.

More info: http://technet2.microsoft.com/windowsserver/en/library/36d03e33-c9e8-4eca-b948-addab1e22c531033.mspx

Step 2: Creating a new server certificate request

1. Start IIS Manager. From the Start menu, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
3. Right-click the Web site or file for which you want to request a certificate, and then click Properties.
4. On the Directory Security or File Security tab, under Secure communications, click Server Certificate.
5. In the Web Server Certificate Wizard, click Create a new certificate.
6. On the Delayed or Immediate Request page, click Prepare the request now, but send it later. By default, the certificate request file is saved as C:\Certreq.txt, but the wizard allows you to specify a different location.
7. Complete the rest of the steps in the Web Server Certificate Wizard and then click Finish. 

Step 3: Submitting certificate request

1. Open Internet Explorer.
2. In Address, type http://servername/certsrv, where servername is the name of the Windows server where the certification authority (CA) you want to access is located.
3. Click Request a certificate, and then click advanced certificate request.
4. Click Submit a certificate request using a base64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
5. Open the C:\Certreq.txt file. Copy its contents to the Clipboard. On the Web page, click in the Saved request edit box and paste the contents of the certificate request.
6. If you are connected to an enterprise CA, choose the certificate template you want to use.
7. Click Submit. 

Step 4: Issuing certificate

1. Start Certification Authority. From the Start menu, point to Administrative Tools, and then click Certification Authority.
2. Expand your domain Pending Requests.
3. Right-click the pending certificate request that was submitted. Select All Tasks, and click Issue. 

Step 5: Downloading issued certificate

1. In Internet Explorer, open http://servername/certsrv, where servername is the name of the Web server running Windows Server 2003 where the certification authority you want to access is located.
2. Click View the status of a pending certificate request.
3. If there are no pending certificate requests, you will see a message to that effect. Otherwise, select the certificate request you want to check, and download and save the certificate (certnew.cer).
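
Steps 3 to 5 can also be carried out with the certreq and certutil tools that ship with Windows, which makes it easy to inspect the request before it is submitted and the certificate after it is issued. This is an added example, not part of the original procedure. It assumes it is run in an administrator console on the CA server, that requests are left pending as in Step 4, and that the CA name in $config is replaced with the common name typed in Step 1 (the value shown is a placeholder).

```powershell
# Added example: command-line equivalent of Steps 3-5.
$config  = 'servername\<CA common name>'   # placeholder: CA server name \ CA common name
$request = 'C:\Certreq.txt'                # request file saved in Step 2
$certOut = 'C:\certnew.cer'                # file name used in Steps 5 and 6

# Do not overwrite a certificate file left over from an earlier run.
if (Test-Path $certOut) { throw "$certOut already exists; move it away first." }

# Check before submitting: dump the PKCS #10 request and confirm that the
# subject common name is the host name clients will type after https://.
certutil -dump $request

# Step 3: submit the request to the CA. On a stand-alone CA the request
# is left pending and the tool prints the request ID it was given.
$out = certreq -submit -config $config $request $certOut
$out
if (($out -join "`n") -match 'RequestId:\s*"?(\d+)') {
    $id = $Matches[1]
} else {
    throw 'No RequestId in certreq output; the request was not accepted.'
}

# Step 4: issue the pending request (same effect as All Tasks > Issue).
certutil -config $config -resubmit $id
if ($LASTEXITCODE -ne 0) { throw "Issuing request $id failed." }

# Step 5: retrieve the issued certificate to certnew.cer.
certreq -retrieve -config $config $id $certOut
if ($LASTEXITCODE -ne 0) { throw "Retrieving request $id failed." }

# Check after issuing: subject, issuer and validity dates of the new certificate.
certutil -dump $certOut
```

Step 6 is still done in the Web Server Certificate Wizard, because the pending request was created by IIS.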

Step 6: Installing certificate

1. In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
2. Right-click the Web site or file for which you want to install a certificate, and then click Properties.
3. On the Directory Security or File Security tab, under Secure communications, click Server Certificate.
4. In the Web Server Certificate Wizard, select Process the pending request and install the certificate. Click Next.
5. Type the location where you saved the certificate (certnew.cer). Click Next.
6. Complete the rest of the steps in the Web Server Certificate Wizard and then click Finish. 

Step 7: Configuring SSL on IIS

1. In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
2. Right-click the Web site or file for which you have installed a certificate, and then click Properties.
3. On the Directory Security or File Security tab, under Secure communications, click Edit.
4. In the Secure Communications box, select the Require secure channel (SSL) check box.
5. Click OK to close the dialog.

Open TCP port 443 in your firewall.

You can now access the Web site over HTTPS. The browser will display a message that the server certificate was not issued by a trusted certificate authority and ask whether you wish to continue using the Web site. This is expected, because the certificate was issued by your own stand-alone root CA, which browsers do not trust by default. Ignore the warning and proceed to the Web site, e.g. by clicking Yes in Internet Explorer 6 or clicking “Continue to this website (not recommended)” in Internet Explorer 7.

To prevent browsers from displaying the warning message every time you open the Web site, do the following:

* In Internet Explorer 6, when the Security Alert dialog appears, click View Certificate. Open the Certification Path tab. Select the top node of the tree (marked with a red sign) and click View Certificate. Click Install Certificate and proceed by clicking Next on all of the wizard’s pages.

* In Internet Explorer 7, the procedure is almost identical to Internet Explorer 6, except that you first have to click “Continue to this website (not recommended)”. When the page is loaded, click the red Certificate Error field at the right side of the address bar and click View certificates. Then follow the procedure described for Internet Explorer 6.

* In Mozilla Firefox, when the warning dialog appears, simply select the “Accept this certificate permanently” option and click OK.
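
The Install Certificate step for Internet Explorer can also be done from the command line, with a thumbprint comparison first so that the certificate added to the trusted roots is the root CA certificate you created and not one presented by something else on the network path. This is an added example, not part of the original procedure. The file path and the expected thumbprint are placeholders, and the thumbprint is assumed to have been read on the CA server and passed to the client separately from the certificate file.

```powershell
# Added example: verify the root CA certificate, then trust it on a client.
#
# On the CA server, export the CA certificate (public part only) and
# display it so its SHA-1 hash can be noted:
#   certutil -ca.cert C:\rootca.cer
#   certutil -dump C:\rootca.cer
#
# On the client, after copying rootca.cer over:
$caCertFile = 'C:\rootca.cer'                        # placeholder path
$expected   = '<SHA-1 HASH NOTED ON THE CA SERVER>'  # placeholder value

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $caCertFile

# Normalise the expected value: drop spaces and colons, upper-case the hex digits.
$wanted = ($expected -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($wanted.Length -ne 40) {
    throw 'Expected thumbprint must be 40 hex digits (SHA-1).'
}

# A root CA certificate is self-signed: subject and issuer are the same name.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a root certificate: issued by '$($cert.Issuer)'."
}

# Refuse to trust the file unless it is exactly the certificate seen on the CA.
if ($cert.Thumbprint -ne $wanted) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)."
}

# Add it to the machine-wide Trusted Root Certification Authorities store
# (requires administrator rights; add -user for the current user's store only).
certutil -addstore Root $caCertFile
if ($LASTEXITCODE -ne 0) { throw 'certutil -addstore failed.' }
```

This covers the Windows certificate store that Internet Explorer uses; the Firefox step above is unchanged.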