Author: mikespook
Version: 1.0
Last updated: 2004-12-22 16:04
Press to step - diagram configuring IIS5 SSL Security Access ... 1
Written in front ... 1
Step 1: Prepare work ... 1
Step 2: IIS creation certificate ... 3
Step 3: Apply to the "Certificate Authority" application certificate ... 8
Step 4: Issue a certificate ... 10
Step 5: Install the certificate, configure SSL. 12
Step 6: Complete ... 14
Written
After these days, my mall was written, I was ready to engage in IIS5 SSL access. I checked a circle of information and found that most articles were as follows. Although it is written very detailed, the east is a hoe, the West is a stick, let me not touch the mind. stop! stop! stop! Directly see help, learn to match. I didn't expect it to be very smooth, I'm doing again. In this case, help with me as a friend who is as confused.
Before I see this article, I will make an agreement with the reader. I assume that you will use the mouse and keyboard and can make basic operations for Windows 2000 Server (I just want to explain how to configure IIS5 SSL security access, and I don't want to be involved in how to double-click the icon.). At the same time, IIS and browsers are also installed correctly (this is the standard configuration of Windows 2000 Server. If you are using the Windows 2000 Professional version, you don't have to read this article because this version does not support IIS SSL access.).
Step 1: Preparation
First you should have a computer, and you need to have a mouse, keyboard or you can access it from other computers with mouse keyboard. Don't take something to throw me, most servers are ^ ^ ^ ^ ^ without mouse and keyboard. This computer should have Windows 2000 Server or Windows 2000 Advance Server. Other versions of Windows either support IIS's SSL access, either with the configuration methods discussed in this article, such as the IIS6 of Windows 2003.
Then you need to check that your computer has a "certificate service", if you have installed the component, you can skip this step.
Click "Add / Remove Windows Components" in "Control Panel" à "Add / Remove Programs" to find "Certificate Services" and hook it in front. Figure 1.
figure 1
Note that this service has two sub-option "Certificate Service Web Registration Support" and "Certificate Service Authority (CA)". These two functions need to be installed for convenience.
figure 2.
Click Next, "Windows Component Wizard" will guide you to complete the installation of the service. The "Certificate Authority Type" will appear during the installation process, and here is necessary to select a single root (Figure 3). Of course, if you are in the domain, please don't continue to read. Because it is necessary to create an enterprise root or enterprise from the root.
image 3
After completing the "Certificate Service" installation, your "Control Panel" à "Administrative Tool" will have an icon such as a "certification authority".
Figure 4
Ready to end.
Step 2: IIS creation certificate
Completed the above preparation, now you can make IIS to apply for a certificate. Go to "Internet Service Manager" in the Control Panel à Admin "Management Tool." Right click on the site you need to configure, select "Properties" in the pop-up menu (if you use the mouse with my left hand, click the left mouse button.). This will open the "Properties" dialog box in Figure 5. Click the Server Certificate button in Catalog Security (Figure 6).
Figure 5
Figure 6
At this time, there will be "IIS Certificate Wizard" to a step by step to complete the application of the certificate (Figure 7). Figure 7
Click "Next" to select "Create a new certificate" and continue (Figure 8). What needs to be named is the other two ways "allocate an existing certificate" and "importing a certificate from the key manager backup file" can also configure IIS's SSL access, but the order in this question is different. Notes here again here.
Figure 8
Continue to create a certificate, "Select Now Prepare Request, but later". In fact, you can only choose this option, and another option "Send a request to an online certificate authority" in most cases (Figure 9). I also didn't find it when I was available, when I was not available. Personal guess is probably when the "certificate service" is installed, if you choose XXXXXXXXXXXX or XXXXXXXXXX, you may apply directly. If it is what I guess, the process behind it can be slightly not talked. ^ _ ^
Figure 9
Continue "Next" will ask you to enter a name that is easy to remember to identify your certificate. At the same time, you will ask you to choose "length", actually the encryption strength. The bigger "bit", the safer. Of course this is at the expense of performance (Figure 10).
Figure 10
Next is to enter organizations and sectors, this will appear in your certificate and will appear when others view your certificate (Figure 11). It is best to use legitimate names, don't fake other people's certificates. For example, the organization I entered is "MikesPook & Sill", the department applied for my mall, so I entered "xyshop".
Figure 11
Be careful when entering the site utility name, it is best to use the domain name you will bind. Otherwise, when someone visits your site, there will be a name mismatch when pop-up the certificate confirmation dialog box (Figure 12).
Figure 12
Next, it is input to geographic information (Figure 13).
Figure 13
The final step is to save the generated certificate and used after it is used (Fig. 14, Fig. 15, Fig. 16).
Figure 14
Figure 15
Figure 16
At this time, a certificate file Certreq.txt encoded by Base64 is saved in the C-drive root directory. Of course, if you choose another path when you save a certificate (Figure 14), it is different.
Step 3: Apply to the Certificate Authority to apply for a certificate
Seeing the "Certificate Authority" does not need to be nervous, we don't want to deal with any authority, and don't need to prepare for the cumbersome documents such as applying. Because the "certificate service" installed in the first step is our "certification authority".
Enter the address in the browser
Http: // localhost / certsrv / open "Microsoft Certificate Service" page (Figure 17). Select the application certificate and click the button "Next".
Figure 17
"Advanced Application" should be selected when "Select Application Type" to import the IIS certificate generated in the second step (Figure 18).
Figure 18
Because the certificate files saved in the second step are Base64 encoded, we should choose "PKCS # 10 files encoded using base64, or use Base64 encoded PKCS # 7 file update certificate application" (Figure 19) .
Figure 19
"Ctrl A", "Ctrl C", "Ctrl V" This is the "Collection" that everyone who uses the MS operating system should be familiar with the heart. Use this "Collection" to copy the contents of the file generated in the second step to the text box shown in Figure 20.
Figure 20
At this time, you will receive a notification of the "certificate hang", which means your certificate has been submitted (Figure 21).
Figure 21
Step 4: Issue a certificate
After completing the application certificate, the certificate was submitted to the "certification authority". Oh, hurry to give yourself a certificate. Enter the "Control Panel" à "Management Tool" Opens the "Certificate Authority" shown in Figure 3 to open the "Certificate Authority (Local)" tree on the left and find "to be determined" (Figure 22).
Figure 22
View the list of the right, the certificate applied just is in the eye (Figure 23). What are you waiting for? Still not hurry?
Figure 23
Right-click on the certificate to be applied, there is a "all tasks" in the pop-up menu, and select child "issued". At this time, this "to be confirmed" will be transferred to the "certification issued".
Looking at the certificate just now, double-click Open. And select "Copy to File" in "Certificate" à "Details" (Figure 24).
Figure 24
In the Certificate Export Wizard, any of the CER format export is arbitrarily selected, such as "DER Code Binary" (Figure 25). And save it into a file.
Figure 25
OK, here, we have completed a milestone. ^ _ ^
Step 5: Install the certificate, configure SSL
Now return to the "IIS Certificate Wizard" below the IIS Property (forgot? Take a look at Figure 7). At this time, "Next" has become a "hang certificate request" (Figure 26). Naturally, it is selected "Processing the Request, and Install the Certificate".
Figure 26
Select the CER file you just exported in Figure 22 (Figure 27).
Figure 27
All the way "Next" completes the installation of the certificate. At this time, the certificate is installed.
The Edit button that is not available after installing a certificate (Figure 28), click the "Edit" button to open the Secure Communication dialog.
Figure 28
In the "Secure Communication" dialog box, "Apply for Secure Communication (SSL)" (Figure 29) is determined.
Figure 29
Locate SSL Port under the "Web site" of the IIS's Properties dialog, you will find that the original unused text box can now be entered. Setting the text box content to 433 "OK" (Figure 30).
Figure 30
Step 6: Completion
Now you use HTTP (Figure 30) and HTTPS (Figure 31) to access the site you just configured, see what is different.
Figure 30
Figure 31
Well, OK, completed. As long as you press the class, configure IIS's SSL access is easy. Ha ha ~ ^ _ ^