Managing server authentication
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Managing server authentication
Server authentication is used by clients to authenticate queries sent to domain controllers and Message Queuing servers. A client can verify that the query results have not been tampered with and that the results were returned by the correct domain controller or Message Queuing server. The method used for server authentication depends on the version of Message Queuing (and hence the operating system) running on the server and the client. The following table shows the method used for each situation.
| Client | Server | Server authentication method |
|---|---|---|
Message Queuing client running on Windows Server 2003 family |
Windows Server 2003 or Windows 2000 domain controller |
Kerberos V5 |
Message Queuing client running on Windows 2000 |
Message Queuing server running on Windows Server 2003 family or Windows 2000 |
Kerberos V5 |
Message Queuing client on Windows 2000 |
MSMQ 1.0 controller server running on Windows NT 4.0 |
Server certificate |
MSMQ 1.0 client running on Windows NT 4.0, Windows 98, or Windows 95 |
Message Queuing server running on Windows Server 2003 family or Windows 2000 |
Server certificate |
Using server certificates
Server certificates are used to authenticate some Message Queuing servers. You need to create and register a server certificate for the following:
Message Queuing servers that reply to Active Directory queries from MSMQ 1.0 clients running on Windows NT 4.0, Windows 98, or Windows 95.
MSMQ 1.0 controller servers running on Windows NT 4.0 that reply to queries from Message Queuing clients on Windows 2000 computers.
Note that Message Queuing clients running on Windows Server 2003 family or Windows 2000 use Kerberos V5 to authenticate Windows Server 2003 family or Windows 2000 Servers, and do not require server certificates.
For information on how to create a server certificate, see Create server certificates for Message Queuing. For information on how to change an existing server certificate, see Change server certificates for Message Queuing.
Server certificates used to authenticate Message Queuing servers must be installed separately from any user (client) certificates that may be installed for message authentication. However, if properly configured, the same certificate can be used by Message Queuing to authenticate servers and by Internet Information Services (IIS) for secure Web (HTTPS) communication.