DOCUMENT:Q278498  23-MAR-2001  [iis]
TITLE   :HOWTO: Configure NNTP Service to Use Secure Sockets Layer
PRODUCT :Internet Information Server
PROD/VER::4.0
OPER/SYS:
KEYWORDS:kbDSupport kbiis400

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Internet Information Server 4.0 
-------------------------------------------------------------------------------

SUMMARY
=======

This article describes how to configure the Microsoft Windows NT Option
Pack-based Network News Transport Protocol (NNTP) service to use Secure Sockets
Layer (SSL) with the help of a Server Certificate.

MORE INFORMATION
================

How to Configure NNTP Service to Use SSL
----------------------------------------

Steps to Install a Certificate for the NNTP Service:

To use SSL with NNTP, you must first install a certificate for the NNTP service
on the Internet Information Server (IIS) server. To do this, follow these
steps:

1. Generate a Key Request file that contains the Private and Public key
   information that is necessary to encrypt the data. To do this, follow these
   steps:

   a. Open Key Manager either from Internet Service Manager or at the command
      prompt (%Windir%\System32\Inetsrv\Keyring.exe).

   b. In the list of protocols under Local Computer, click NNTP.

   c. Right-click NNTP, and then click Create New Key.

   d. In the Create New Key Wizard, if you have your own Certification Authority
      (CA), click "Automatically send the request directly to an online
      authority". You can also generate the request and store the request in a
      text file before you send it to a Certification Authority.

   e. On the next page of the wizard, name the key with a name that you can
      remember why it was generated. Type a password that links the public and
      private keys of your certificate. Remember this password. Select the bit
      length (1024 = 128 bit, 768 = 56 bit, and 512 = 40 bit) to specify how
      strong you want the key to be.

   f. On the next page, type the organizational details. Make sure that you do
      not use any commas, apostrophes and other similar characters. In the
      Common Name box, use the Fully Qualified Domain Name (FQDN) of the site
      for which this certificate is being generated.

   g. On the next page, type the Country, State and City information, following
      the instructions, and type the contact information.

   h. Click Finish to complete the steps in the wizard. Notice that a key
      appears under the NNTP protocol with a red slash across it. The request is
      saved in a text file at the location that you specified in the first step
      of the wizard (which is C:\NewKeyRq.txt by default).

2. Use the request file that is generated to obtain a signed certificate from a
   Certification Authority. The certificate is in a .cer file.

For additional information, click the article number below to view the article in
the Microsoft Knowledge Base:

   Q171084 How to Install a Certificate

3. Install the signed certificate as follows:

   a. Right-click the key that you created in the Key Manager, and then click
      Install Key Certificate.

   b. When you are prompted to open a file, click the .cer file that you
      obtained from the Certification Authority.

   c. When you are prompted for a password, type the password that you typed
      when you generated the request file.

   d. In the Server Bindings dialog box, click Add. Under IP Address and Port
      Number, click Any Unassigned, and then click OK.

   e. Close the Key Manager to commit all changes.

The certificate is now bound to the NNTP service.

Steps to Configure the NNTP Service to Use SSL:

1. Open the Internet Service Manager (MMC).

2. Right-click the NNTP site, and then click Properties.

3. On the Home Directory tab, under Secure Communications, click Edit.

4. Select the "Require Secure Channel" check box.

5. Click OK twice to apply the change.

6. At a command prompt, type the following command to stop the IISADMIN service:

   "net stop IISADMIN" (without the quotation marks)

7. Start the NNTP Service and any other services that IISADMIN stopped in the
   previous step (such as W3SVC, MSFTPSVC, or SMTPSVC).

The NNTP server is now configured to accept SSL connections.

Set Up Outlook Express 5.x to Connect to an SSL-Enabled NNTP Server
-------------------------------------------------------------------

The following steps are based on Microsoft Outlook Express 5.x. Although other
NNTP clients can be configured to access NNTP over SSL, the steps may vary.

1. Open Microsoft Outlook Express.

2. On the Tools menu, click Accounts.

3. Click Add, and then click Select News.

4. Under Display Name, type a name for the NNTP server, and then click Next.

5. Type your e-mail address, and then click Next.

6. Type the IP Address or Fully Qualified Domain Name of the NNTP server. If you
   are on a local area network (LAN), you can use the NetBIOS name of the NNTP
   server. Click Next.

7. If the server allows anonymous access, do not select the "The server requires
   me to logon" check box.

8. Click Finish. You see that an account is created for that NNTP server.

9. Click the News account that you created in the previous step, and then click
   Properties.

10. On the Advanced tab, select the "This server requires a Secure Connection
   (SSL)" check box.

11. Click Apply, and then click Close.

12. When you are given the option to download the available newsgroups from that
   NNTP server, click OK, and you can select the newsgroups to which you want
   to subscribe.

REFERENCES
----------

For additional information, click the article number below to view the article in
the Microsoft Knowledge Base:

   Q218445 How to Configure Certificate Server for Use with SSL on IIS

Additional query words: iis 4 secure internet news

======================================================================
Keywords          : kbDSupport kbiis400 
Technology        : kbiisSearch kbiis400
Version           : :4.0
Issue type        : kbhowto

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 2001.