Microsoft KB Archive/298559

From BetaArchive Wiki
Knowledge Base


How to Load Balance Secure Web Traffic Between Two IIS Servers and Still Use Certificates

Article ID: 298559

Article Last Modified on 6/23/2005


APPLIES TO

  • Microsoft Internet Information Server 4.0


This article was previously published under Q298559

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx


SUMMARY

This article describes how to set up certificates for secure communication between servers and Web clients when the servers are load balanced.

MORE INFORMATION

To install certificates on load balanced Web servers, install the same key on all the servers that are being load balanced. To do this, follow these steps:

  1. Install the certificate on the first Web site. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

    228991 How to Create and Install an SSL Certificate in IIS 4.0

  2. Export the key to the other server in the load balance. To do this, follow these steps:
    1. Open the Microsoft Management Console (MMC) for IIS and expand the Internet Information Server folder.
    2. Click the plus sign (+) sign next to the computer name.
    3. The default Web site is available now. Right-click the Default Web Site icon, click Properties, and then click the Directory Security tab.
    4. In Secure Communications, click the Edit button.

      NOTE: If the button reads Key Manager instead of Edit, you do not have an encryption certificate for the WWW service installed.
    5. In the second Secure Communications window, click Key Manager.
    6. In Key Manager, under Local Computer, select WWW.
    7. On the Key menu, click Export Key.
    8. Click Backup File and note the location where the file is stored. Copy the backup file to the other server that is being load balanced and note the location where it is copied.
  3. Import the key onto the other Web servers that are being load balanced. To do this, follow these steps:
    1. Open the Microsoft Management Console (MMC) for IIS and expand the Internet Information Server folder.
    2. Click the plus sign (+) sign next to the computer name.
    3. The default Web site is available now. Right-click the Default Web Site icon, click Properties, and then click the Directory Security tab.
    4. In Secure Communications, click the Key Manager button.

      NOTE: If the button reads Edit instead of Key Manager, you already have an encryption certificate for the WWW service installed. You must delete this key before you proceed.
    5. In Key Manager, select WWW.
    6. On the Key menu, click Import Key.
    7. Click Backup File and browse to the location where the file was copied.
    8. Commit the changes and ensure that port 443 is entered in the SSL field on the Web Site tab within the default Web site.

You can now load balance SSL Web traffic between the server on which the certificate was originally installed along with the server where the certificate was imported to.

REFERENCES

For more information, see the following article in the Microsoft Knowledge Base:

219277 Load Balancing HTTP with WLBS



Additional query words: iis 5, load balance, certificates, SSL

Keywords: kbinfo kbfaq KB298559



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/298559&oldid=163400
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki