Securing a web page

[Shadrack]

Can I secure a web page (with 128-bit encryption) in IIS without the need of a certificate? The web pages are for internal business use, so I don't see the need to buy an expensive certificate, but the IIS control panel seems to require it.

What do I need to do? I want my users to be able to log in remotely without worrying about their passwords flying through the internet un-encrypted.

Should I just encrypt the login/submit form, or would it be appropriate to secure the entirety of the web application? Does encryption slow things down much?

Thanks for your input!

-Nic

[Allscave]

If you want to use SSL, you need a certificate. ;)

[Shadrack]

Well, do I need to pay money for a certificate? Why would I need to get a certificate if I'm not hosting something to the outside world. Doesn't all a certificate really show is that this entity is registered with some authentication system and can be tracked down if they do something shady with your data?

I'm not concerned about such certifications... I am concerned about having the data and my users passwords going across the internet in an unencrypter form.