Enabling SSL
Now that the certificate has been requested, the next step is to bind the certificate to the default web site in IIS.
To enable SSL for the Web Enrollment site on the CA server:
1. Launch the IIS Manager MMC located in Administrative Tools.
2. Expand the server name, then Sites, and then select Default Web Site.
3. In the Actions menu, select Bindings…
4. The Site Bindings settings will open. Click Add…
5. Select https for Type, and select the appropriate certificate from the SSL certificate drop down. Review the settings, and click OK.
6. Click Close to commit the changes to IIS. The selected server authentication certificate is now bound to port 443 on the IIS server.
The Web Enrollment website is now configured to support HTTP over SSL connections via the fully qualified domain name. Since the site is accessed via FQDN, the server, in this example https://fabca01.fabrikam.com, must be added to the list of trusted sites in Internet Explorer of clients that will attempt to access this page. This is so that so that user credentials are automatically passed to the Web Enrollment site. For domain clients, this can be done via Group Policy (see Site to Zone Assignment List policy).
| 