Security

Configuring IIS 5.0 and Fortezza

SSL has a Fortezza mode that is of benefit to IIS 5.0. All Fortezza cards (PCMCIA cards) contain user certificates that authenticate the card user in much the same way that server or client certificates work in IIS 5.0. These user certificates must be copied over to a secure store on the computer where the card logs on. This makes the certificates available to IIS 5.0. In order to configure IIS 5.0 to use Fortezza, you must be using a domestic version of Windows 2000 Server.

To configure IIS 5.0 for Fortezza

Install the card reading equipment and its drivers. For information, see the card reader documentation.
Install the Cryptographic API Service Provider (CSP) provided by the equipment supplier. For information, see the card reader documentation.
Run the command line utility %windir%\system32\inetsrv\Fortutil.exe.

The Fortutil.exe utility provides functions that can install, confirm, and delete the card certificate and other associated information. To enable these features, type the appropriate commands at the command line, as shown in Table 9.5:

Table 9.5 Commands for Enabling Fortutil.exe Features

Action	Command	Parameters
Add Certificate	Fortutil /a	Web site name; card serial number; PIN; card personality
Confirm Certificate	Fortutil /q	Web site name
Delete Certificate	Fortutil /d	Web site name
Get Help	Fortutil /?	None