key. If needed, the server can request a client certificate that verifies the client's identity using the same techniques. A full discussion of SSL and certificates is beyond the scope of this book. For more information, Netscape has an excellent explanation at http://developer.netscape.com/tech/security/basics/index.html.

How do you set this up on your own server? The first thing you will want to do is enable SSL on the server. Without SSL, the certificate exchange will not happen.

Setting up a Certificate Authority

This section contains supplemental information about setting up a certificate authority and has very little to do with Web Services. If you do not need to do this, feel free to skip ahead to the next section.

To run SSL on the server, you will need a certificate to prove the identity of the server. If you want to experiment with SSL without paying a certificate authority, such as Verisign, for a certificate, you can set up your own certificate authority. Windows 2000 Server and later ship with a component called Certificate Server. You install this component through the Add/Remove Programs dialog by selecting Add/Remove Windows Components.

A certificate authority is an organization that provides public key infrastructure facilities. A certificate identifies the user and issuer of the certificate and provides keys that can be used in encrypting and decrypting data. A full discussion of certificates with respect to public key infrastructure (PKI) is beyond the scope of this book.

The following instructions explain how to set up SSL on a server using a local certificate authority.

1. Open the IIS administration console (inetmgr) and select the Web site on which you want to use SSL. On most machines, this will be the Web site named Default Web Site.
2. Right-click the Web site and select Properties.
3. Select the Directory Security tab and click the Server Certificate... button. This button will be enabled only if a certificate has not been applied to the Web site. Pressing the button brings up the Web Server Certificate wizard.
4. Click Next.
5. Select the Create a New Certificate radio button and click Next.
6. Select the Send the Request Immediately to an Online Certification Authority radio button and click Next again.
7. On the Name and Security Settings dialog, leave the defaults as is. This is shown in Figure 6.5. Click Next.

Authenticating Users 159 09 1564 CH06 4/30/02 8:50 AM Page 159