No nonsense, picture and text course , Teach you to build step by step CA The server , And let IIS Enable HTTPS service .

One 、 Set up a certificate server (CA service )

1. In the system control panel , find “ add to / Delete program ”, Click on the left “ add to / Delete windows Components ”, Find... In the list “ Certificate Services ”, Install it .

2.CA type , There are four options , Here we use “ Independent root CA” For introduction .

3.CA Identifying information , Here's what you can do for CA The server has a name .

4. Certificate database settings , The relevant database and log files used to save certificates , This is the default .

5. After installation , stay Control panel - Management tools   You can open it in Certification authority , This tool is used to audit certificates , It will be mentioned later .

6. After installation , stay IIS in , Three related directories will be added , Among them “CertSrv” It's the certificate application page .

7. Open the corresponding page , You can see the following figure , thus ,CA The server has been basically set up .

Two 、 Give Way IIS Turn on HTTPS(SSL) function

1. stay IIS Medium “ The default site ” Right click , choice “ attribute ”, You can see the site properties , Click on “ Directory security ” TAB , Click on “ Server certificate ” Button .

2. choice “ New certificate ”, next step

3. choice “ Now prepare the certificate request , But send it later ”, next step

4. Unit information , I need to fill in here by myself , As for what to write , You can decide , This information will be displayed in the certificate .

5. Name and security , The default name is IIS The name of the website , The default key length is 1024 position , next step

6. Site common name , The default is the machine name of the server , Please note that , If IIS It's object service , The corresponding domain name must be filled in here .

7. Geographic Information , Fill in whatever you like , next step

8. Certificate request file name , The default is to save in C Under the plate , After opening, you will see the following encrypted string .

9. First copy the encrypted string of the certificate , Go to the certificate application page mentioned above , choice “ Apply for a certificate ”

10. How to apply for certificate , choice “ Advanced Certificate Application ”

11. choice “ Use base64……”

12. Fill the certificate string in the text box , and “ Submit ”, thus , Completed the certificate application .( Don't rush to close it IE, Click on the top right “ Home page ” Wait )

13. Back in the certification authority tool , Select the one on the left “ Pending applications ”, You can see that there is an application record in it , apply ID That's what you just applied for ID.

Select the record , Right click - All the tasks - Issued by , In this way, the certificate can be issued .

Click on “ Certificate issued ” You can see the certificate just issued .

14, Back to the certificate application page , choice “ View the status of pending certificate requests ”

15. On this page, you can see all the certificates you applied for before , If there are multiple links, there are multiple links ), Click on one of them .

16. ad locum , If a certificate has been issued , You can see the certificate download page , General choice Base64 code , Download the certificate .

Download the certificate chain , You can take the root CA You can also download your certificate .

17. go back to IIS, Directory Security page , Or click “ Server certificate ”, The interface has changed , choice “ Process pending requests and install certificates ”, next step

18. Select the certificate you just downloaded , next step

19. Fill in SSL Port used , The general default is 443, It doesn't need to be modified . thus , The application for the certificate is completed .

20. If you want to force the use of HTTPS If you visit the website , stay “ Directory security ” On the tab , Click on “ edit ” Button .

21. Hook selection ” Secure access is required (SSL)” a

22, here , Let's refresh the certificate application page , You can see that 403.4 The error page of , Because we force the use of HTTPS To visit the website .

Be careful : If not the entire site requires HTTPS Words , You can also set a virtual directory , Method is the same as above. .

23. It is amended as follows HTTPS After the visit , It's a security alert , The certificate name does not match the site name , That's because we use localhost Came to visit. .

Remember when I applied for the certificate above , The public name mentioned ? That's it , At that time, we filled in the machine name , So and localhost Of course not .

That's why if IIS If there's a foreign language , The reason to fill in the domain name , Otherwise, this security alert will be prompted .

Just change the address to :https://dier-vm03/certsrv, There's no security alert .

24. Extend the , Not every user understands technology , When ordinary users see 403.4 error , I don't know how to add one if I ask for it S You can access , So what to do ?

It's very simple , stay “ Custom error ” On the tab , find 403.4 Point to the location of the page file , Then go in and open it . Add a script and it's done .

In fact, it is the use of javascript Judge whether to use http Of , If so, automatically jump to https

  1. <script type="text/javascript">
  2. var url = window.location.href;
  3. if(url.indexOf("http:") > -1) window.location.href = url.replace("http:","https:");
  4. </script>

Okay , The picture and text course without nonsense has been completed , incidentally BS once CSDN Editor for , Can't upload more than one file at a time , I'm tired to death -.-

Set up a certificate server And Give Way IIS Enable HTTPS service ( turn ) More articles about

  1. Set up a certificate server And Give Way IIS Enable HTTPS service

    One . Set up a certificate server (CA service )1. In the system control panel , find “ add to / Delete program ”, Click on the left “ add to / Delete windows Components ”, Find... In the list “ Certificate Services ”, Install it .2.CA type , There are four options , Here we use “ Independent root C ...

  2. EasyDSS High performance RTMP、HLS(m3u8)、HTTP-FLV、RTSP Streaming media server enabled https Service application free certificate

    Background analysis Now I want to be in web Upper use HTTPS Words , You need to get a certificate file , The certificate is signed by a company trusted by the browser . Once you get it , You're in your web Specify its location on the server , And connected with you ...

  3. EasyDSS Streaming media server software supports HTTPS- Enable https Service application free certificate

    EasyDSS Streaming media server software , Provide one-stop transcoding . on demand . live broadcast . Time shift playback service , Greatly simplifies development and integration work . among , On demand function mainly includes : Upload . transcoding . distribution . Live broadcast function , It mainly includes : live broadcast . videotape , Live support RTMP ...

  4. Aliyun server IIS Enable HTTPS agreement ( turn )

    https://www.cnblogs.com/randytech/p/7017188.html

  5. IIS Enable https

    Reference resources :http://www.cnblogs.com/dudu/p/iis_https_ca.html

  6. etcd Enable https service

    Catalog cfssl Related tools download Generate etcd The required ssl certificate Generate ca certificate Generate etcd Server certificate Generate etcd Client certificate modify etcd Cluster profile restart etcd colony Verify cluster health About etcd Of ...

  7. How to configure in Alibaba cloud server iis build web service

    IIS, Internet Information Service , A kind of Web Service components , Take advantage of it , We can open it asp.php The files used to build the web page .   Tools / raw material   domain name The server Method / step     logon server .   Click Start —> The server ...

  8. Apache+OpenSSL Implement certificate server to provide HTTPS

    adopt Linux+Apache+OpenSSL Realization SSL ( Secure Socket Layer ) Certificate server , Provide safe HTTPS ( Hypertext Transfer Protoco ...

  9. 【 turn 】Tomcat Enable HTTPS Protocol configuration process

    Reprint please indicate the source : http://blog.csdn.net/gane_cheng/article/details/53001846 http://www.ganecheng.tech/blog/530 ...

Random recommendation

  1. gossip js Scope

    js Lexical environment includes environment variable binding and external reference ' Function is created with an internal property [[scope]], It points to the lexical environment object of the current function . The external reference of lexical environment is a lexical environment ' Until the global Lexical Environment ' Its external reference is null' This constitutes ...

  2. Weak network test Android

    Weak network test generally refers to the simulation in the case of poor network environment , testing APP Is there anything abnormal , Like a crash , Packet loss occurs in data receiving and sending One . First you need to control the network , There are two ways. One is to use the network damage meter , Second, it uses software . Hardware procurement costs too much , Therefore use ...

  3. atitit.ajax bp dwr 3. Summary of the process of configuration and use in annotation mode .....

    atitit.ajax bp dwr 3. Summary of the process of configuration and use in annotation mode ..... 1.  download   dwr.jar 1M 1 2.  Configure annotation mode ..web.xml 1 3. Class  To configure 2 4.  test ...

  4. EF Repository Update

    Problem description : terms of settlement : http://www.cnblogs.com/scy251147/p/3688844.html principle : Attaching an entity of type '' faile ...

  5. android The radio 、 Multiple choice pop up menu

    Menu radio window : import android.app.Activity;import android.app.AlertDialog;import android.content.DialogInte ...

  6. PHP Get today 、 yesterday 、 Tomorrow's date

    <?php echo " today :".date("Y-m-d")."<br>"; echo " yesterday :".d ...

  7. A few MB The big picture becomes hundreds KB

    Use windows Self contained “ drawing ” Tools can . 1. use “ drawing ” Open the picture . 2. Click on “ Resize ” Pop up the following window Modify the “ level ” and “ vertical ”, If all from 100 Change it to 30. After a change , Click ok , Finally, “ preservation ” or ...

  8. Redis——redis Use redis-dump,redis-load Export import data ——【 3、 ... and 】

    source https://www.cnblogs.com/dadonggg/p/8662455.html https://blog.csdn.net/chenxinchongcn/article/deta ...

  9. Codeforces 1000G Two-Paths Tree dynamic programming LCA

    Link to the original text https://www.cnblogs.com/zhouzhendong/p/9246484.html Subject portal - Codeforces 1000G Two-Paths The question Given a tree with ...

  10. js Deal with local scroll Events prohibit external scroll Rolling solutions ,jquery.mousewheel.js Description of prohibited measures in handling

    js Code: <script> window.onload = function() { for (i = 0; i < 500; i++) { var x = document ...