Your company named Contoso, Ltd. runs Windows Server 2008 R2. You manage a Web server
named web.contoso.com. The Web server hosts two Web sites named www.contoso.com and
webmail.contoso.com. Users connect to both the sites from the Internet by using HTTP. The new
company security policy has the following requirements:
• The webmail.contoso.com site must be available for Internet users only through Secure HTTP
(HTTPS).
• Two folders named Order and History on www.contoso.com must be available only through
HTTPS.
• All users must be able to connect to both sites without receiving any security warnings. You need
to add SSL certificates on web.contoso.com. You must meet the company security policy
requirements. What should you do first?
A.
Generate a self-signed certificate for web.contoso.com.
B.
Generate separate domain certificates for www.contoso.com and webmail.contoso.com.
C.
Request one certificate from the public trusted certification authority for web.contoso.com.
D.
Request separate certificates from the public trusted certification authority for www.contoso.com
and webmail.contoso.com.
Explanation:
The steps for configuring Secure Sockets Layer (SSL) for a site are the same in IIS 7 and IIS 6.0.
There are three things that a browser usually verifies in a server certificate:
1. That the current date and time is within the “Valid from” and “Valid to” date range on the
certificate.
2. That the certificate’s “Common Name” (CN) matches the host header in the request. For example,
if the client is making a request to http://www.contoso.com/, then the CN must also be
http://www.contoso.com/.
3. That the issuer of the certificate is a known and trusted CA. Source:
http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7/Creating Certificate Requests Each
Web site hosted on your Web server needs a separate certificate if you want SSL to work properly.
The first step in the certificate creation process is to generate a certificate request.
Source: http://technet.microsoft.com/en-us/library/bb727098.aspx