Is a set of encryption technology that provides authentication, confidentiality and data integrity. SSL is most commonly used in
Web browser and network
Establish a secure communication channel between servers. It can also be used for client applications and the Web.
Used between services.
To support SSL communication, SSL must be configured for the Web server.
Certificate. This chapter describes how to obtain SSL certificates and how to configure Microsoft Internet.
Information Services (IIS) supports SSL between Web browsers and other client applications.
Secure communication.
Generate certificate request
This procedure creates a new certificate request that can be sent to a certificate authority (CA).
For processing. If successful, CA will send you a file containing a valid certificate.
Generate certificate request
1.
Start the IIS Microsoft Management Console (MMC) snap-in.
2.
Expand the Web server name and select the website where you want to install the certificate.
3.
Right-click the website, and then click Properties.
4.
Click the Directory Security tab.
5.
Click the Server Certificate button in Secure Communication to start the Web.
Server certificate wizard.
Note: If the server certificate is not available, it may be because you have selected a virtual directory, directory or file. Go back to the first one
The second step is to select a website.
6.
Click Next to skip the welcome dialog box.
7.
Click Create a new certificate, and then click Next.
8.
This dialog box has the following two options:
"
Prepare the application now, but send it later.
This option is always available.
"
"Send the application to the online certification authority immediately"
Only when the Web server can be used in Windows 2000 is it configured to issue Web server certificates.
Access one or more Microsoft in the domain.
Certificate server, this option is available. Later in the application process, you will have the opportunity to select the issuing authority from the list to which you want to send the application.
Click Prepare the application now and send it later, and then click Next.
9.
Type a descriptive name for the certificate in the Name field, type the bit length of the key in the Bit Length field, and then click Next.
The wizard uses the current site
Site name as the default name. It is not used in certificates, but as a friendly name to help administrators identify it.
10.
Type the name of the organization in the Organization field (for example
Contoso), type the organizational unit (for example, sales department) in the Organizational Unit field, and then click Next.
Note: This information will be put in the certificate application, so you should ensure its correctness. Canada
This information will be verified and put into the certificate. Browse your website
Users of this website need to check this information to decide whether they accept the certificate.
1 1.
In the Common Name field, type the common name of the site, and then click Next.
Important: The common name is one of the most important information at the end of the certificate. It's the internet.
Domain name system of the website
Name (that is, the name that users type when browsing your site). If the certificate name does not match the site name, a certificate problem will be reported when users browse your site.
If your website is on the Internet and it is named
Www.contoso.com, this is a common name you should specify.
If your site is an internal site and users browse by computer name, please enter the computer's.
NetBIOS or DNS name.
12.
Enter the correct information in the country, state and city fields, and then click Next.
13.
Enter the file name of the certificate request.
This file contains information similar to the following.
-Start applying for a new certificate-
miidzjccas 8 caqawgyoxnja 0 bgnvbamtlw 1 penjvy 2 tsyxb 0 b 3 aubm 9 ydghhbwvy ...
-End the application for a new certificate-
This is the base of your certificate application 64.
Coded representation. The application contains the information entered into the wizard, as well as your public key and information signed with your private key.
Send this application file to the ca. Then CA
Use the public key information in the certificate request to verify the information signed with your private key. Canada
Also verify the information provided in the application.
When you submit an application to CA, CA
The certificate will be sent back as a file. Then, you should restart the Web server certificate wizard.
14.
Click "Next". This wizard displays a summary of the information contained in the certificate request.
15.
Click Next, and then click Finish to complete the application process.
Now you can send the certificate request to CA for verification and processing. When you come from California,
After receiving the certificate response, you can use the IIS Certificate Wizard again on the Web.
Continue installing the certificate on the server.
Submit a certificate application
This procedure uses Microsoft.
The certificate service submits the certificate request generated in the previous procedure.
"
Submit a certificate application
1.
Use Notepad to open the certificate file generated in the previous procedure and copy all its contents to the clipboard.
2.
Start Internet Explorer and navigate to.
Explorers
issue a certificate
"
issue a certificate
1.
Start the certification authority tool from the administrative tools program group.
2.
Expand your certification authority, and then select the Pending Requests folder.
3.
Select the certificate request you just submitted.
4.
On the Actions menu, point to All Tasks, and then click Question.
5.
Verify that the certificate is displayed in the Issued Certificates folder, and then double-click to view it.
6.
In the details tab, click Copy to File to save the certificate as Base-64.
Code X.509 certificate.
7.
Close the certificate's properties window.
8.
Close the certification authority tool.
Install the certificate on the Web server
This procedure will install the certificate issued in the previous procedure on the Web server.
"
Install the certificate on the Web server
1.
If the Internet information service is not running, please start it.
2.
Expand your server name and select the website where you want to install the certificate.
3.
Right-click the website, and then click Properties.
4.
Click the Directory Security tab.
5.
Click server certificate to start the Web server certificate wizard.
6.
Click to process the pending request and install the certificate, and then click Next.
7.
Enter the path and file name of the file containing the CA response, and then click Next.
8.
Review the certificate overview, click Next, and then click Finish.
Now, the certificate has been installed on the Web server.
Configure resources to require SSL access.
This procedure uses Internet Service Manager to configure the virtual directory to require SSL.
Visit. You can require for a specific file, directory or virtual directory.
SSL. Clients must use the HTTPS protocol to access all such resources.
"
Configure resources to require SSL access.
1.
If the Internet information service is not running, please start it.
2.
Expand your server name and website. (This must be a website with a certificate installed.
Website)
3.
Right-click the virtual directory and click Properties.
4.
Click the Directory Security tab.
5.
Click Edit under Secure Communications.
6.
Click the required secure channel (SSL).
Now, the client must browse to this virtual directory using HTTPS.
7.
Click OK, and then click OK again to close the Properties dialog box.
8.
Turn off Internet information services.