DOCUMENT:Q298559 26-MAY-2001 [iis] TITLE :How to Load Balance Web Traffic Between Two IIS Servers PRODUCT :Internet Information Server PROD/VER::4.0 OPER/SYS: KEYWORDS:kbfaq ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Internet Information Server 4.0 ------------------------------------------------------------------------------- SUMMARY ======= This article describes how to set up certificates for secure communication between servers and Web clients when the servers are load balanced. MORE INFORMATION ================ To install certificates on load balanced Web servers, install the same key on all the servers that are being load balanced. To do this, follow these steps: 1. Install the certificate on the first Web site. For additional information, click the article number below to view the article in the Microsoft Knowledge Base: Q228991 How to Create and Install an SSL Certificate in IIS 4.0 2. Export the key to the other server in the load balance. To do this, follow these steps: a. Open the Microsoft Management Console (MMC) for IIS and expand the Internet Information Server folder. b. Click the plus sign (+) sign next to the computer name. c. The default Web site is available now. Right-click the Default Web Site icon, click Properties, and then click the Directory Security tab. d. In Secure Communications, click the Edit button. NOTE: If the button reads Key Manager instead of Edit, you do not have an encryption certificate for the WWW service installed. e. In the second Secure Communications window, click Key Manager. f. In Key Manager, under Local Computer, select WWW. g. On the Key menu, click Export Key. h. Click Backup File and note the location where the file is stored. Copy the backup file to the other server that is being load balanced and note the location where it is copied. 3. Import the key onto the other Web servers that are being load balanced. To do this, follow these steps: a. Open the Microsoft Management Console (MMC) for IIS and expand the Internet Information Server folder. b. Click the plus sign (+) sign next to the computer name. c. The default Web site is available now. Right-click the Default Web Site icon, click Properties, and then click the Directory Security tab. d. In Secure Communications, click the Key Manager button. NOTE: If the button reads Edit instead of Key Manager, you already have an encryption certificate for the WWW service installed. You must delete this key before you proceed. e. In Key Manager, select WWW. f. On the Key menu, click Import Key. g. Click Backup File and browse to the location where the file was copied. h. Commit the changes and ensure that port 443 is entered in the SSL field on the Web Site tab within the default Web site. You can now load balance SSL Web traffic between the server on which the certificate was originally installed along with the server where the certificate was imported to. REFERENCES ========== For more information, see the following article in the Microsoft Knowledge Base: Q219277 Load Balancing HTTP with WLBS Additional query words: iis 5, load balance, certificates, SSL ====================================================================== Keywords : kbfaq Technology : kbiisSearch kbiis400 Version : :4.0 Issue type : kbinfo ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.