SSL/WebClient This sample is intended as a demonstration of the SSPI interface to the SSL/PCT protocols for secure, authenticated communication provided by secur32.dll and schannel.dll on Microsoft Windows NT 4.0 w/SP4, Microsoft Windows 2000, Microsoft Windows Millennium, and Windows 9x. On retail Windows 9x, the SSPI interface for SSL will only provide authentication and not encryption services. If you require full SSL/PCT authentication and encryption services on a Windows 9x client, then you can update the Windows 9x interface by installing the Directory Service Client (dsclient.exe) on the Windows 9x system. Additionally the following registry modification must be completed for SSL encryption/decryption routines to work on Windows 9x systems: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders Value: SecurityProviders: REG_SZ Add the following to the existing string, "schannel.dll" WebClient shows the client side interface while the companion sample WebServer shows the server side implementation. WebClient shows how the programmer might conceivably interact directly and securely with a web server such as IIS. In this environment, WebClient would replace a browser such as Internet Explorer and give the programmer full control over the server to client interaction. The heart of using the SSL/PCT protocols for secure communication is management of the certificates required for client/server identification and authentication. On the server side, we must generate and install a X.509 v3 SSL-compatible server authentication certificate. This server authentication certificate identifies a server and is used by clients to authenticate a server that the client wants to access. On the client side, if we want the option of client side authentication, we must generate and install a X.509 v1 and v3 SSL-compatible client authentication certificate. This client authentication certificate identifies a client and is used by servers to authenticate a client that requests server access. Generating and installing these certificates correctly is necessary for proper functioning of this sample. One possible method for installing the Client Certificate is detailed below. Using Microsoft Certificate Server 1) Connect to a machine running Microsoft Certificate Server. On Windows 2000 Servers, Certificate Server is an installable component from the Add/Remove Control Panel applet. For NT4 IIS and Certificate Server is provided with the Windows NT Option Pack. For the purposes of this sample, we will assume that our certificate server is accessible at http://winbase/certsrv 2) Click on Certificate Enrollment Tools/Request a Client Authentication Certificate 3) Fill out the enrollment form. At the minimum, provide as part of the Name field an easily remembered term that you will be able to use from the WebClient application. For instance, the full name for the client certificate might be "DaveMo the client". Click on "Submit Request" and then Download from the next page. You can verify that the certificate was installed by using the CERTMGR utility that ships with the Platform SDK, or the certificate viewer that is found on the 'Content' tab off the 'Internet Options' menu item of Internet Explorer. See the readme.txt file in the WebServer directory for info on installing a certificate for the server.