Certificate problems reported in IIS BPA
I'm not sure if this is the right forum to post this question - apologies if not....

When running IIS Best Practice Analyzer (BPA) on Win 2008 R2, it returns the following error:

Title: Use SSL when you use Basic authentication
Severity: Error
Category: Security
Issue: Basic authentication is enabled for configuration path 'MACHINE/WEBROOT/APPHOST' but it lacks a required SSL binding.
Impact: If you use Basic authentication without SSL, credentials will be sent in clear text that might be intercepted by malicious code.
Resolution: Use Basic authentication with an SSL binding, and make sure that the site or application is set to require SSL. Alternatively, use a different method of authentication.

I have tried to do the binding, but it looks like the SSL certificate has expired. I have tried unsuccessfully to renew the certificate (the request contains no template information). I have created a new certificate but I can't seem to bind to it. I am currently at a loss as to how to get around the BPA error. I think that this may also be causing problems with WSUS.

Any help would be much appreciated.

Thanks, Gary
July 26th, 2010 6:08pm

Hi,

You can refer to the steps at http://technet.microsoft.com/en-us/library/dd378853(WS.10).aspx to add an HTTPS binding. If there is anything unclear, please feel free to respond back.

This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 27th, 2010 6:55am

Hi Joson,

I'd already tried that and I still get the same error from IIS when I run the Best Practice Analyzer: "Use SSL when you use Basic authentication"

Any more suggestions?

Thanks, Gary
July 27th, 2010 10:42am

Hi Gary,

I find that I can reproduce the issue if I enable basic authentication with the command:

    appcmd set config /section:basicAuthentication /enabled:true

By default, the configuration path is 'MACHINE/WEBROOT/APPHOST' as you see in the BPA entry. It seems that it cannot be resolved if we just add an HTTPS binding to the website and select require SSL.

If basic authentication is not required in your environment, you can disable it by running the command:

    appcmd set config /section:basicAuthentication /enabled:false

If you want to use basic authentication, I suggest that you post to the IIS forum for further assistance as the issue is more related to IIS configuration.

IIS forum http://forums.iis.net/

Thanks for your understanding.
July 28th, 2010 9:08am
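An added example (not part of any post in this thread, and not Microsoft's BPA logic): a sketch that reads an applicationHost.config and lists the sites where Basic authentication is effectively enabled without both an HTTPS binding and the Require SSL flag, the two conditions the BPA message names. The XML is constructed sample data with hypothetical site names, and only server-level settings and site-level <location> blocks in applicationHost.config are considered (web.config files are not).

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config fragment; site names are hypothetical.
SAMPLE = """<configuration>
  <system.applicationHost><sites>
    <site name="Default Web Site"><bindings>
      <binding protocol="http" bindingInformation="*:80:" />
      <binding protocol="https" bindingInformation="*:443:" />
    </bindings></site>
    <site name="Intranet"><bindings>
      <binding protocol="http" bindingInformation="*:8080:" />
    </bindings></site>
  </sites></system.applicationHost>
  <system.webServer><security><authentication>
    <basicAuthentication enabled="true" />
  </authentication></security></system.webServer>
  <location path="Default Web Site"><system.webServer><security>
    <access sslFlags="Ssl" />
  </security></system.webServer></location>
</configuration>"""

BASIC = "system.webServer/security/authentication/basicAuthentication"
ACCESS = "system.webServer/security/access"

def effective(root, site, xpath, attr, default):
    """Server-level value, overridden by a matching <location path=site>."""
    value = default
    scopes = [root] + [l for l in root.findall("location") if l.get("path") == site]
    for scope in scopes:
        node = scope.find(xpath)
        if node is not None and node.get(attr) is not None:
            value = node.get(attr)
    return value

def audit(config_xml):
    """Return (site, has_https_binding, requires_ssl) for each exposed site."""
    root = ET.fromstring(config_xml)
    findings = []
    for site in root.findall("system.applicationHost/sites/site"):
        name = site.get("name")
        basic = effective(root, name, BASIC, "enabled", "false").lower() == "true"
        https = any(b.get("protocol") == "https" for b in site.findall("bindings/binding"))
        flags = effective(root, name, ACCESS, "sslFlags", "None")
        ssl = "Ssl" in [f.strip() for f in flags.split(",")]
        if basic and not (https and ssl):
            findings.append((name, https, ssl))
    return findings

if __name__ == "__main__":
    for name, https, ssl in audit(SAMPLE):
        print(f"{name}: Basic auth on, https binding={https}, require SSL={ssl}")
```

In the sample, the server-level setting is inherited by both sites, so the site that was given an HTTPS binding and Require SSL passes while the other is still reported.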

Hi,

How are you? We've not heard back from you in a few days and wanted to check the current status of the issue. If you need further assistance, please do not hesitate to respond back.

Thanks.
August 4th, 2010 5:15am

Hi Joson,

Sorry, for some reason, the e-mail notifications don't seem to be working and I wasn't aware that I'd had a response. In the meantime I'd logged a call with MS Support who are helping me with this query. Today, the MS engineer spotted your response and suggested that I run your appcmd as above. I did this but it didn't resolve the problem.

Many thanks, Gary
August 10th, 2010 5:59pm

On Tue, 10 Aug 2010 14:59:33 +0000, Gary Cooper wrote:

> Sorry, for some reason, the e-mail notifications don't seem to be working and I wasn't aware that I'd had a response. In the meantime I'd logged a call with MS Support who are helping me with this query. Today, the MS engineer spotted your response and suggested that I run your appcmd as above. I did this but it didn't resolve the problem. Many thanks,

Silly question but are you sure you're running the command on the web server that is actually hosting the delta CRLs?

Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
August 10th, 2010 6:53pm

Hi Gary - did you ever find resolution to this problem? I'm facing the same issue. Thanks -Andrew
February 22nd, 2011 11:20am

This topic is archived. No further replies will be accepted.
