SSL certificates used for securing IIS servers

SSL certificates used for securing IIS servers

Sys-Con said one of the best ways to secure Internet Information Services, or IIS servers, and the applications they host for a business is to use keys, such as Thawte SSL certificates, to secure communication between the users and the web servers. The news source said using certificates from a trusted certificate authority, such as VeriSign, should be requested if the server has to be publicly available.

"These certificates are trusted from any browser, on any computer, and are the easiest, but more expensive way, to use SSL," the website said. "If the IIS server will only be used internally from your organization, you can use your own PKI to issue a certificate for the web server that will be trusted throughout your environment. However, internal users might have issues when accessing the content from a different computer where the root certificate for your environment is not installed."

For servers that will only be used in a testing environment, Sys-Con said companies can take advantage of self-signed certificates that may be generated with IIS management tools, which is a much easier process than it previously was.

Sys-Con said other ways to secure these servers are hardening the operating system that runs it, using firewalls to secure the server on the web, controlling which IPs and domains can access the server, have URL authorization and use logging to help build patterns to be able to sniff out future breaches.

Small businesses looking to develop an atmosphere of trust among employees and customers should use a service such as VeriSign or Thawte. SmallBusinessNewz said both companies bring well-trusted names and even though they may be a bit more expensive, as the Thawte slogan says, "it's a trust thing." Being able to trust a purchase going through on a website is a big deal for customers, and companies that can create this can go a long way in business.