Configuration of SSL/TLS and NTLM Authentication for the TwinCAT ADS WebServices on Windows 7
SSL/TLS Configuration
Right-click on the "Computer" button in the Windows 7 Start menu and press "Manage" to open the "Computer Management" window.
If you need a certificate for development or intranet use only, you can generate a self-signed certificate based on the computer name directly in the Internet Information Services by following the next steps.
If you already have a server certificate which you want to use, you can follow the next steps here.
If you want to create a self-signed certificate for a domain in the World Wide Web, you can generate it with the SSLCert.exe.
If you have created a certificate with the SSLCert.exe, you can follow the next steps here.
Creating a self-signed certificate for development use
In the Computer Management window navigate to "Services and Applications"->"Internet Information Services (IIS) Manager" and click on the root node of the Internet Information Services Manager navigation.
In the content pane of the Internet Information Services Manager, double-click the "Server Certificates" icon.
Click on the "Create Self-Signed Certificate..." menu entry in the Actions pane of the "Server Certificates" window.
In the dialog that opens, specify a friendly name for your certificate, then press the OK button to confirm.
The certificate has been added to the certificate store of your computer and is displayed in the list of available server certificates in the "Server Certificates" window of the IIS Manager.
You can double-click on the new entry to open the certificate information dialog for further information about the certificate.
HTTPS Binding
Now select the website node in the Internet Information Services Manager navigation which contains the virtual directory for the TcAdsWebService and click on the "Bindings..." menu entry in the corresponding Actions pane.
Now we must create a binding for the https protocol. Press the "Add" button to open the "Add Site Binding" dialog.
In the "Add Site Binding" dialog, choose the following values to create a binding for the https protocol.
A binding for the https protocol is now available in the "Site Bindings" dialog.
Now you can connect to all virtual directories of your website over both the http and the https protocol.
Follow the next steps if you want to allow connections over the https protocol only.
Navigate to the TcAdsWebService virtual directory and open the "SSL/TLS Settings" window.
In the "SSL Settings" dialog check the "Require SSL" checkbox.
The Internet Information Services will now only allow connections over the https protocol.
NTLM Authentication
Right-click on the "Computer" button in the Windows 7 Start menu and press "Manage" to open the Computer Management window.
Choose the virtual directory node of the TcAdsWebService in the Internet Information Services Manager navigation.
Open the Authentication dialog for the TcAdsWebService virtual directory.
Enable "Windows Authentication" and disable all other authentication methods.
NTLM is now active and required for the TcAdsWebService.
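A client-side check that "Require SSL" and Windows-only authentication took effect, given as an added example that is not part of the original documentation or Beckhoff code. Ports 80 and 443, the path argument, the exported certificate file and the sample responses are assumptions.

```python
import http.client
import ssl

# Challenge schemes expected when only Windows Authentication is enabled in IIS.
EXPECTED = {"negotiate", "ntlm"}


def schemes(www_authenticate):
    """Scheme names (lower-cased) from a list of WWW-Authenticate header values."""
    return {v.split(None, 1)[0].lower() for v in www_authenticate if v.strip()}


def audit(http_status, https_status, https_challenges):
    """Return a list of findings; an empty list means both settings took effect."""
    findings = []
    # With "Require SSL" set, IIS answers plain HTTP with 403 (substatus 403.4).
    if http_status != 403:
        findings.append("plain HTTP not rejected (status %s)" % http_status)
    offered = schemes(https_challenges)
    # With anonymous access disabled, an unauthenticated request must get 401.
    if https_status != 401:
        findings.append("unauthenticated HTTPS request got %s, expected 401" % https_status)
    elif not offered & EXPECTED:
        findings.append("401 without Negotiate/NTLM challenge")
    extra = offered - EXPECTED
    if extra:
        findings.append("other authentication offered: " + ", ".join(sorted(extra)))
    return findings


def probe(host, path, cafile):
    """Collect the inputs for audit() from a live server (assumes ports 80/443)."""
    plain = http.client.HTTPConnection(host, 80, timeout=5)
    plain.request("GET", path)
    http_status = plain.getresponse().status
    # cafile: the self-signed server certificate exported as PEM (assumption).
    ctx = ssl.create_default_context(cafile=cafile)
    tls = http.client.HTTPSConnection(host, 443, timeout=5, context=ctx)
    tls.request("GET", path)
    resp = tls.getresponse()
    return http_status, resp.status, resp.headers.get_all("WWW-Authenticate") or []


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real TwinCAT system.
    print(audit(403, 401, ["Negotiate", "NTLM"]))
    print(audit(200, 401, ["NTLM", 'Basic realm="plc"']))
```

Against a live system, pass the result of `probe()` to `audit()` as `audit(*probe(host, path, cafile))`.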