Microsoft KB Archive/278498

= How To Configure NNTP Service to Use Secure Sockets Layer =

Article ID: 278498

Article Last Modified on 6/27/2006


APPLIES TO


 * Microsoft Internet Information Server 4.0




This article was previously published under Q278498



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SUMMARY
This article describes how to configure the Microsoft Windows NT Option Pack-based Network News Transport Protocol (NNTP) service to use Secure Sockets Layer (SSL) with the help of a Server Certificate.



Steps to Install a Certificate for the NNTP Service
To use SSL with NNTP, you must first install a certificate for the NNTP service on the Internet Information Server (IIS) server. To do this, follow these steps:
 * 1) Generate a Key Request file that contains the Private and Public key information that is necessary to encrypt the data. To do this, follow these steps:
   * a) Open Key Manager either from Internet Service Manager or at the command prompt (%Windir%\System32\Inetsrv\Keyring.exe).
   * b) In the list of protocols under Local Computer, click NNTP.
   * c) Right-click NNTP, and then click Create New Key.
   * d) In the Create New Key Wizard, if you have your own Certification Authority (CA), click Automatically send the request directly to an online authority. You can also generate the request and store it in a text file before you send it to a Certification Authority.
   * e) On the next page of the wizard, give the key a name that reminds you why it was generated. Type a password that links the public and private keys of your certificate. Remember this password. Select the bit length (1024 = 128 bit, 768 = 56 bit, and 512 = 40 bit) to specify how strong you want the key to be.
   * f) On the next page, type the organizational details. Make sure that you do not use any commas, apostrophes, or other similar characters. In the Common Name box, use the Fully Qualified Domain Name (FQDN) of the site for which this certificate is being generated.
   * g) On the next page, type the Country, State and City information, following the instructions, and type the contact information.
   * h) Click Finish to complete the steps in the wizard. Notice that a key appears under the NNTP protocol with a red slash across it. The request is saved in a text file at the location that you specified in the first step of the wizard (which is C:\NewKeyRq.txt by default).
 * 2) Use the request file that is generated to obtain a signed certificate from a Certification Authority. The certificate is in a .cer file.
 * 3) Install the signed certificate as follows:
   * a) Right-click the key that you created in the Key Manager, and then click Install Key Certificate.
   * b) When you are prompted to open a file, click the .cer file that you obtained from the Certification Authority.
   * c) When you are prompted for a password, type the password that you typed when you generated the request file.
   * d) In the Server Bindings dialog box, click Add. Under IP Address and Port Number, click Any Unassigned, and then click OK.
   * e) Close the Key Manager to commit all changes.

The certificate is now bound to the NNTP service.

Steps to Configure the NNTP Service to Use SSL
 * 1) Open the Internet Service Manager (MMC).
 * 2) Right-click the NNTP site, and then click Properties.
 * 3) On the Home Directory tab, under Secure Communications, click Edit.
 * 4) Select the Require Secure Channel check box.
 * 5) Click OK twice to apply the change.
 * 6) At a command prompt, type the following command to stop the IISADMIN service:
      net stop IISADMIN
 * 7) Start the NNTP Service and any other services that IISADMIN stopped in the previous step (such as W3SVC, MSFTPSVC, or SMTPSVC).

The NNTP server is now configured to accept SSL connections.
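
A client-side check that the configuration above took effect, as an added example that is not part of the original article: it opens a TLS connection, lets the TLS library verify the certificate chain and host name, reads the NNTP greeting, and reports whether the certificate's Common Name equals the name the client connected with. Port 563, the host name news.example.com, and the sample greeting and certificate are assumptions constructed for illustration; the server certificate is assumed to come from a CA the client trusts.

```python
import socket
import ssl
import sys

NNTPS_PORT = 563  # assumption: registered NNTP-over-SSL port; the article names none

# Constructed sample data, used when no host is given so the block runs offline.
SAMPLE_GREETING = b"200 NNTP Service ready (posting ok)\r\n"
SAMPLE_CERT = {"subject": ((("organizationName", "Example Org"),),
                           (("commonName", "news.example.com"),))}


def parse_greeting(line):
    """Split an NNTP greeting line into (status code, text)."""
    text = line.decode("latin-1").rstrip("\r\n")
    code, _, rest = text.partition(" ")
    if len(code) != 3 or not code.isdigit():
        raise ValueError("not an NNTP status line: %r" % text)
    return int(code), rest


def subject_common_name(cert):
    """Return the subject CN from the dict that SSLSocket.getpeercert() returns."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def summarize(host, cert, greeting, tls_version=None):
    """Combine certificate and greeting into the facts worth checking."""
    code, text = parse_greeting(greeting)
    cn = subject_common_name(cert)
    # Exact, case-insensitive comparison; wildcard names are not handled here.
    return {"tls_version": tls_version, "common_name": cn,
            "cn_matches_host": cn is not None and cn.lower() == host.lower(),
            "greeting": text, "service_ready": code in (200, 201)}


def check_nntps(host, port=NNTPS_PORT, timeout=10.0):
    """Connect over TLS (chain and host name verified) and read the greeting."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            greeting = tls.makefile("rb").readline()
            return summarize(host, tls.getpeercert(), greeting, tls.version())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(check_nntps(target) if target
          else summarize("news.example.com", SAMPLE_CERT, SAMPLE_GREETING))
```

Run it with the server's FQDN as the only argument. A client that connects by IP address or NetBIOS name presents a name that differs from the Common Name entered in the key request, which the `cn_matches_host` field makes visible.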

Set Up Outlook Express 5.x to Connect to an SSL-Enabled NNTP Server
The following steps are based on Microsoft Outlook Express 5.x. Although other NNTP clients can be configured to access NNTP over SSL, the steps may vary.
 * 1) Open Microsoft Outlook Express.
 * 2) On the Tools menu, click Accounts.
 * 3) Click Add, and then click Select News.
 * 4) Under Display Name, type a name for the NNTP server, and then click Next.
 * 5) Type your e-mail address, and then click Next.
 * 6) Type the IP Address or Fully Qualified Domain Name of the NNTP server. If you are on a local area network (LAN), you can use the NetBIOS name of the NNTP server. Click Next.
 * 7) If the server allows anonymous access, do not select the The server requires me to logon check box.
 * 8) Click Finish. You see that an account is created for that NNTP server.
 * 9) Click the News account that you created in the previous step, and then click Properties.
 * 10) On the Advanced tab, select the This server requires a Secure Connection (SSL) check box.
 * 11) Click Apply, and then click Close.
 * 12) When you are given the option to download the available newsgroups from that NNTP server, click OK, and you can select the newsgroups to which you want to subscribe.