Configuring a Certificate Server and HTTPS to Access Websites under Windows Server 2008 R2


Configuration Environment

Windows version: Windows Server 2008 R2 Enterprise, Service Pack 1

System type: 64-bit OS

 

Learn about HTTPS

Why do you need HTTPS?

When we browse websites, most URLs start with HTTP. The HTTP protocol is familiar to us, and it transmits information in clear text.

HTTP has its advantages: it transfers data between the client and the server quickly and accurately.

But HTTP is obviously insecure, and we can notice that email and online payment sites all use HTTPS.

HTTPS requires a certificate and encrypts the transmitted information, which makes it more secure than HTTP.

 

  http://zh.wikipedia.org/wiki/HTTPS

     http://www.ruanyifeng.com/blog/2011/02/seven_myths_about_https.html

 

Configure the CA certificate server

 Start menu --> Administrative Tools --> Server Manager

 Select the "Role" node in the tree menu on the left, right click and "Add Role"

 Check "Active Directory Certificate Services", click "Next" button

 Click the "Next" button

 Click the "Next" button, and the "Add Role Wizard" interface will pop up

 Click the "Add Required Role Services" button

 Click the "Next" button

 Specify the installation type, select "Enterprise", click the "Next" button,

 "Enterprise" needs a domain environment

 "Standalone" does not require a domain environment

 Select "Root" and click the "Next" button

Select "New Private Key" and click the "Next" button

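 Select the cryptographic service provider: "RSA#Microsoft Software Key Storage Provider"

 Key character length: "2048"

 Select the hash algorithm for signing certificates issued by this CA: SHA1

 Then click the "Next" button

 It is best not to change the name here; just click the "Next" button

 Click the "Next" button directly

 This is the location of the certificate database and logs; the default path is fine. Then click the "Next" button

 Click the "Next" button; an IIS server is required

 Check the items required to run ASP.NET websites, then click the "Next" button

 Click the "Install" button

 After the wizard reports that every item was installed successfully, click the "Close" button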

 

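Create a self-signed certificate and configure HTTPS

 Select the IIS root node, find "Server Certificates" in "Features View", and open it

 Find the CA configured earlier in this article, "adserv-PORSCHEV-CA", and click "Create Self-Signed Certificate"

 Enter an easy-to-remember name for the self-signed certificate to be created

 Add the website in IIS again

 Binding type: https

 The default port number is 443; it can be left unchanged

 For the SSL certificate, select the self-signed certificate just created, and click "OK".

 Run the "Default.aspx" page in IIS; the result is as follows

 Click "Continue to this website"; the content is displayed successfully, so HTTPS is configured successfully!

 Click the "Certificate Error" prompt shown in the browser, then "View certificates".

 The value of the "Issued to" field is: "porschev.adserv.com"

 The website can also be accessed through the URL: https://porschev.adserv.com:8000/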
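
As an added example (not part of the original article), the following PowerShell function lists the certificates in the local machine store where IIS keeps server certificates and flags the properties chosen in the steps above: the "Issued to" name, the key length, the signature hash and whether the certificate is self-signed. The function name and its parameters are assumptions for illustration, and wildcard names are not handled.

```powershell
# Added example: audit the certificates in the local machine "Personal" store,
# which is where IIS keeps server certificates. Compatible with PowerShell 2.0.
function Get-ServerCertificateReport {
    param(
        [string]$ExpectedHost = 'porschev.adserv.com',  # host name used on this page
        [string]$StorePath    = 'Cert:\LocalMachine\My',
        [int]$MinKeyBits      = 2048
    )
    # OIDs of deprecated signature algorithms
    $weakSigOids = @{
        '1.2.840.113549.1.1.4' = 'md5RSA'
        '1.2.840.113549.1.1.5' = 'sha1RSA'
    }
    $dnsName = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $issuedTo = $cert.GetNameInfo($dnsName, $false)   # subject DNS name or CN
        $sigOid   = $cert.SignatureAlgorithm.Value
        $keyBits  = $null
        try { $keyBits = $cert.PublicKey.Key.KeySize } catch { }  # non-RSA/DSA keys

        $findings = @()
        if ($cert.Subject -eq $cert.Issuer) {
            $findings += 'self-signed: each client must trust it explicitly'
        }
        if ($weakSigOids.ContainsKey($sigOid)) {
            $findings += "weak signature algorithm: $($weakSigOids[$sigOid])"
        }
        if ($keyBits -and $keyBits -lt $MinKeyBits) {
            $findings += "key length $keyBits is below $MinKeyBits bits"
        }
        if ($issuedTo -ne $ExpectedHost) {
            $findings += "issued to '$issuedTo', not '$ExpectedHost'"
        }
        if ($cert.NotAfter -lt (Get-Date)) {
            $findings += "expired on $($cert.NotAfter)"
        }

        New-Object PSObject -Property @{
            IssuedTo  = $issuedTo
            Issuer    = $cert.Issuer
            Signature = $cert.SignatureAlgorithm.FriendlyName
            KeyBits   = $keyBits
            NotAfter  = $cert.NotAfter
            Findings  = ($findings -join '; ')
        } | Select-Object IssuedTo, Issuer, Signature, KeyBits, NotAfter, Findings
    }
}

Get-ServerCertificateReport | Format-List
```

Run it in an elevated PowerShell session on the web server; an empty Findings field means none of the checks fired for that certificate.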

 

Troubleshooting

Accessing the sample website from another machine with https://porschev.adserv.com:8000/ gives the result shown in the figure below

There are two possible causes:

1. A problem with the DNS setting

   Solution: In a CMD window, ping porschev.adserv.com to get its IP address

   Change the preferred DNS address of the computer's local connection to the IP corresponding to porschev.adserv.com

2. A problem with inbound rules

   Solution: Create an allow inbound rule for port 8000. The steps are as follows:

   Start --> Administrative Tools --> Windows Firewall with Advanced Security --> Select "Inbound Rules" in the tree menu on the left --> Right click "New Rule"

   --> For the rule type, select "Port" and click Next --> Protocol and Ports --> Select "TCP", enter the port number of your website under specific local ports (example: 8000), and click Next

   --> Click Next until the Name page --> Enter a custom name (example: 8000 Allow Rule) and click Finish.

   Then enter the above URL again, and the website can be accessed normally.
