
Free SSL on IIS?

Frequently, users ask about how to enable SSL on IIS and run it "for free" without doing any extra work. Since there is no such thing as a free lunch, I am going to try and explain why and what your options are for "free SSL".

Question:

I would like to set up SSL for a public web site we have for our IT users (Admins and Engineers only). I do not want to have to buy SSL certs from a company and I PREFER NOT to deploy a PKI / Cert Server.

What is my next viable and easy solution for a FREE SSL Cert solution with the above requirements?

Thank you.

Answer:

The solution depends on the number of IT users and whether you control all computers that run browsers against your public SSL-enabled website.

All SSL solutions for web servers require at least:

  1. A Root Certificate Authority certificate
  2. A Server Certificate signed by the Root CA, installed on the web server
  3. A client that trusts the Root CA of #2

If you do not have all elements (especially #3), then you can expect web browsers to pop up a security warning dialog about not trusting the server's certificate.

Now, anyone can create their own Root CA certificate and create/sign a Server certificate with this Root CA. MS Cert Server, SelfSSL, OpenSSL, etc. all allow you to do this because it is easy. In fact, from a security/trust perspective, generating identifiers such as certificates, and even signing them, is not difficult.

The major problem is establishing trust between unrelated clients and servers. Public key certificates use a trusted third party, the Root CA, to establish that mutual trust. It is the establishment of this mutual trust that costs you money - it has nothing to do with IIS, Microsoft, or income - and if you can establish that mutual trust at lower cost, go right ahead, because nothing stops you.
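The three elements listed above, run end to end with the OpenSSL command line, as an added example that is not part of the original post. The CA names, the host name `intranet.example.test` and the file names are constructed, and the script assumes an `openssl` binary with its default configuration file.

```shell
#!/bin/sh
# Added example. All names below are constructed, not from the original post.
# -nodes leaves private keys unencrypted: acceptable only for a throwaway demo.

make_pki() {  # $1 = empty working directory
  # Element 1: a private Root CA (self-signed; anyone can make one).
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=Example Private Root CA" \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null || return 1
  # An unrelated root, standing in for a client's preloaded trust store.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=Unrelated Preloaded Root CA" \
    -keyout "$1/other.key" -out "$1/other.crt" 2>/dev/null || return 1
  # Element 2: server key and signing request, then the Root CA signs it.
  openssl req -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=intranet.example.test" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
  printf 'subjectAltName=DNS:intranet.example.test\n' > "$1/san.ext"
  openssl x509 -req -in "$1/server.csr" -sha256 -days 90 \
    -CA "$1/root.crt" -CAkey "$1/root.key" -CAcreateserial \
    -extfile "$1/san.ext" -out "$1/server.crt" 2>/dev/null
}

# Element 3: does the chain end at a root this client trusts?
client_trusts() {  # $1 = root in the client's store, $2 = server certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d) || exit 1
make_pki "$work" || exit 1
if client_trusts "$work/root.crt" "$work/server.crt"; then
  echo "controlled client (our root installed): trusted"
fi
if ! client_trusts "$work/other.crt" "$work/server.crt"; then
  echo "uncontrolled client (our root missing): security warning"
fi
rm -rf "$work"
```

The same server certificate passes or fails depending only on which root the client holds; nothing on the server changes between the two checks.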

The SSL Conspiracy Theory...

Now, you may be wondering: "why is this guy talking about establishing mutual trust between unrelated client and servers and requiring money for it. All I want is SSL data encryption, period, between two network endpoints and I could care less about trust or identity of the endpoints. This must be some evil Microsoft conspiracy/plot to generate income for the Certificate Registrars, blah blah blah..."

Well, I am sorry, there is no such conspiracy plot. The SSL handshake is completely open and publicly defined by competent folks, and all the popular web servers and web browsers implement it. If you want to complain, go complain to the spec authors. We are just the messengers here. :-)

Details, Details...

Thus, paying for a Certificate for SSL usage is easy because those Registrars all have their Root CA Certificate pre-loaded into the trusted root store of most OSes. All you need to do is install a signed certificate from them and you are set.

Part of the reason that you deploy PKI/Cert Server is to ensure that YOUR private Root CA Certificate gets installed on all clients and servers so that all you need to do is install a signed certificate from it and you are set.

Thus, if you want neither to pay nor to deploy an infrastructure, you will have to figure out some way to securely distribute the Root CA Certificate used to sign all your other certificates to the trusted root store of all your servers and client computers that browse to your public SSL website. There are no other alternatives - this is how the SSL Solution works, and this is how you implement a free SSL Solution.

Conclusion

Clearly, the ease of this deployment depends vastly on the number of client/server machines and the amount of control you have over configuration of their trusted root store.

Also, notice that the issue of "Free SSL on IIS" actually has NOTHING to do with IIS. It is trivial to run SelfSSL to enable SSL on IIS. The issue of "SSL on IIS" usually originates from the IIS sysadmin, even though the actual deployment problem comes from the lack of mutual trust by the browser clients.

Usually, you are the sysadmin and have control over the servers, so the problem is really about controlling the number of clients. If you are in a university/corporation setting or some other sort of controlled environment, the IT department should have control of the clients to force install this Root CA Certificate... but at this point, realize that you are a hop-skip away from PKI. If you have NO control over the clients, then purchasing an SSL certificate is pretty much the ONLY cost-effective solution, unless you can think of a simple, secure, and non-infrastructure way to install the Root CA Certificate onto uncontrolled client machines.

In other words, there is no free lunch. There is no free unfettered SSL solution for a large number of uncontrolled clients.

If the number of clients is small, or if the clients are controlled... then you can have free SSL. For example, I do this at home with SelfSSL to secure OWA access to my personal email because I control the server and the laptops/computers that will access my OWA (I do NOT believe in secure kiosks).

Some of you may remember the tremendous inconvenience and security popups caused by the Verisign fiasco in January 2004 when one of Verisign's intermediate Root certificates expired. This instantly invalidated all server certificates in use that were signed by it, causing all browsers world-wide to pop up security warnings when encountering such a server certificate. Basically, the amount of effort expended by Verisign customers around the world to re-issue signed Server Certificates with a valid Verisign Root certificate is a reasonable "upper-bound" to your effort, depending on the number of uncontrolled clients.

Good Luck,

//David

Comments

  • Anonymous
    August 02, 2005
    Good post. You just might want to additionally point out that there are more Root CAs installed in most browsers than just way-too-expensive Verisign. Like anything else in a competitive market, you may not be able to get a free cert for yourself, but you at least can find a cheaper one.

  • Anonymous
    August 02, 2005
    Thanks.

    Re: alternative Root CAs - the nice thing about a blog and comments is that you've interacted and did just that. :-)

    Yeah, there are many such Root CAs - just open the MMC, add the "Certificates" snap-in, and open the "Trusted Root Certificate Authorities\Certificates" node to see all the Root CA certificates currently pre-loaded onto your system.

    Basically, I see it as "free SSL" and "non-free SSL". For the "non-free SSL", I presume people know to shop around for the best deal - hey, if you do not shop around, then you probably will get ripped off.

    And I do not want to be involved anywhere NEAR that one... ;-)

    //David

  • Anonymous
    August 03, 2005
    You can get free certs here :
    http://www.cacert.org/

    but I wholeheartedly agree that paying for a "real" cert is much easier.

  • Anonymous
    August 03, 2005
    Thanks for the tip.

    You underscore the point that creating/obtaining the certificate is not the problem. ANYONE can create their own Certificates or even run their own website to create them.

    The problem with SSL and Certificates all has to do with the protocol requiring an establishment of trust - which is not easy for arbitrary, uncontrolled clients/servers. When you control the clients/servers, yes, SSL can and should be free.

    //David

  • Anonymous
    October 10, 2005
    One of the most promising free alternatives: The StartCom Free SSL Project at http://cert.startcom.org. Certificates are easily received and installation instructions at hand...

    For installing the Root CA of StartCom (still required on most browsers) click here: http://cert.startcom.org/?app=109

  • Anonymous
    October 11, 2005
    StartCom - Thanks, and good luck.

    However, SSL is already simple and free (as I had explained earlier), so I am not certain why StartCom is any more "promising" as a free alternative other than visibility.

    The key to simplicity is getting the Root CA onto the browsers. And that is totally a matter of establishing trust because that's at the root of security.

    It would indeed be nice to have this Root CA in most browsers and for certificates signed by that Root CA to be free (as what StartCom seems to promise), but I am not so certain Verisign, et al would like that as a general model... ;-)

    //David

  • Anonymous
    October 19, 2005
    Nobody asks Verisign or any other CA for that matter, if they like it or not :-)

    ...but read this interesting post: http://forum.startcom.org/viewtopic.php?t=303 which might clarify things and show the seriousness of StartCom's Free CA!

  • Anonymous
    October 21, 2005
    StartCom - Good luck on your effort.

    Anyways... Free SSL is so old news. ;-) Free SSL signed by a root CA that is used by IE and Firefox would be interesting when it happens.

    However, I disagree with your position that encryption is all most people need from SSL and that you are providing that "wonderful" service for free. You are Spinning the details and not telling the whole truth. tsk tsk... ;-)

    You are not placing prominence on the fact that establishment of Trust is the most important aspect of security; encryption, certificates, public key pairs, private keys, etc are merely implementation details.

    For the most part, crooks do not bother cracking encryption because it is computationally hard, so what you give for free is not more valuable than SelfSSL from a security perspective. From a public PR perspective, I grant you it is different.

    What is far easier and profitable for a crook to do is to spoof either endpoint of the encrypted communication, man-in-the-middle, social-engineering, etc to attack that Chain of Trust. And of course that is where the profit lies as well... as you say, it pays the bills.

    Anyways, I still applaud your efforts and will forward people there when I have the opportunity. :-) I just wish you would be a bit more forthcoming about educating the public about the whole truth instead of stoking the "freedom" banner...

    //David

  • Anonymous
    November 07, 2005
    I suggest that the steps implemented at verifying StartCom Class 1 certificates are sufficient to enable that trust you mentioned above, especially the famous "man-in-the-middle" attacks. These certificates are called "domain controlled or validated" at some CAs.

    Class 2 certificates are meant to cover the costs of verification, not much profit here... However, there is a business model around the StartCom project, but the target audience is not the casual user but larger entities... So much about profit :-)

    No other news for today....

  • Anonymous
    May 25, 2006
    You wrote: "Free SSL signed by a root CA that is used by IE and Firefox would be interesting when it happens."

    It happened! Visit http://cert.startcom.org and read on....

  • Anonymous
    July 31, 2006
    Well, a bit too quick on the buzzer..
    Firefox and Thunderbird only in beta releases, not the stable ones.. so, still, we have to wait until 2.0 is released as stable (unless you are a daredevil).

    And IE? Still unclear.
    I still got my hopes up that the day that IE adds the support for StartCom is around the corner.

  • Anonymous
    May 23, 2008
    My question is: I have implemented a Self Signed Certificate using SelfSSL. Now I want the user to get a message that the site has a certificate on it, and "do you want to trust the certificate?" If the user selects yes, the Certificate becomes trusted, else not. How does one configure the Site so that if the site is SSL and has a Certificate, the user is prompted to trust the Certificate on the Site?

  • Anonymous
    May 23, 2008
    Kiran - Unfortunately, that cannot be implemented by the website. Furthermore, it relies on the user to have administrative privileges to place the certificate to be trusted. In general, it is untrustworthy to do what you are proposing. If you are exposing your website to users whom you do not control, then you cannot use a self-signed certificate and must purchase a certificate. //David

  • Anonymous
    December 14, 2008
    Your smart-alecky attitude is not very helpful for those looking for information.  Good luck to ya.

  • Anonymous
    December 22, 2008
    Ed - Hey, good luck on your search for information. Many, many people openly seek out my expertise and thank me for the clarity of my information. I understand that not everyone can have clear insight into how things work, but there is nothing I can do about that... //David
