I need to run a webbased application on a server 2003 that is a domain controller. I only have 1 server in the domain at this time Do I need to set up a certificate authority. If so can I do it on the same server or do I need new one If on a new server can it be in the domain or must it be stand alone I havent done this before so please start from basicis

First of all, I don't recommand that you install a Web application on a DC. Is it for intranet access or internet access? If it is for internet access then this is highly not recommanded for security reasons. In this case, you should use another server other than a DC to run your Web Based application. For the certificate, you can : use IIS to generate an auto-signed certification Implement a PKI and use at least two CAs (a root an and a subordonate one) and keep the root one offline. For more information, post in the http://forums.iis.net/ forums. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

its a small office with only 1 server. The server has its own ADSL connection the users go through a different ADSL to get to the internet. They want to run Sage WebACT and let users access it from outside access it via HTTPS SSL. I was advised that SSL connections have to be on a domain therefore we built the server as a DC. Its still in test phase so can be rebuilt. I do have a spare PC that can be used as a DC and let this pc run the web app At the monet the office runs on a workgroup basis They also want Sage 50 ( not a web based program) to be running so that 3 remote users can access the program from outside the office and work with it The remote users for Sage 50 need to be able to login and access only this program and nothing else I am looking for advise on the best way to set this up without having to spend loads on several servers

It sounds like the DC was setup just for this website, is that correct? If so it isn't necessary (at least not from a Windows perspective. The Sage stuff my say differently). Anyway, The clients that will be connecting to this website, are they managed by you (or the company you work for), or are they people's home computers? If they are managed by you and part of an Active Directory domain (it doesn't sound like this is the case) then you can use a self signed cert and publish it in AD. If these are people's personal computers and they want to connect to this website from home, then I recommend you purchase a Web Server certificate (server auth OID) from Verisign, GoDaddy, Entrust, etc. You'll then install this certificate using the IIS console. Keep in mind the subject name on the certificate must match the name of the website clients will be visiting. The people you purchase the certificate from should be able to help with this. As for the Sage software that is not web based...I'd recommend talking to Sage :) In all seriousness though, if you're looking for some sort of VPN or other remote access you have a number of options. With this being such a small office I'd probably use the built-in capabilities of some of the home routers that are on the market, such as Linksys, netgear, d-link, etc. Just make sure whatever you get has the ability to do VPN. You could use RRAS on a Windows box, but it's probably more complicated for you then it's worth (need the server, server license, someone to manage it, etc.) I hope this helps!