Rel = file-list href = "./ https.files / filelist.xml"> rel = edit-time-data href = "./ https.files / editdata.mso"> Rel = Ole-Object-data href = " ./Https.files/oledata.mso>>
table of Contents
I. Overview
How to release SSL encryption with Windows2000 is also a question I have encountered very confused. At that time, there was a lot of information on the Internet, but there was no very detailed, but the problem finally solved. I have seen a lot of netizens asking questions about this, so I decided to organize it, everyone shared. Release encryption website is roughly divided into three steps: Install the Active Directory (optional), install the certificate service, IIS publishing site and settings. Let me introduce one by one below:
Second, Active Directory installation settings
The installation activity directory is just to install the certificate service in the next section, you can select whether it is installed as a corporate root CA or enterprise from the CA. The active directory can also be installed. The next active directory installation method is mainly a mounting method for the subdomain directory server.
2.1 DNS settings
If there are multiple domains, please set DNS correctly before installing the active directory of the sub-domain server. Generally detected whether DNS configuration is correct, the primary domain server and sub-domain server can ping each other's domain name.
2.2 Installing Activity Directory
The installation process of the active directory of the primary domain server can be selected by default. Next, the primary explanation of the solution.
Open Active Directory Setup Wizard: Start Menu -> Program -> Administrative Tools -> Configure Server.
Select the Active Directory menu.
Find [Start Active Directory Wizard] under the page, click [Start] to enter the installation.
Press the [Next] button.
The existing primary domain server domain name is Caosc-NW, and this station sub-domain server selects [additional domain controller for existing domain], press the [Next] button. The option of this step needs to see the overall plan of your domain server, the general user is not large and the concentration is in the case, select this. The planning of the activity directory is more complicated, please refer to the relevant manual for details.
Fill in the username, password, field according to the figure, and press the [Next] button.
Fill in the domain name and press the [Next] button.
The default position of the system is retained unchanged, and press the [Next] button.
The default position of the system is retained unchanged, and press the [Next] button.
Set the password of this server active directory domain administrator account, press the [Next] button.
Press the [Next] button.
This step is relatively long, please patiently.
Press the [Complete] button to this event directory has been installed.
Restart to take effect.
Third, certificate service installation
The certificate service is used to issue a certificate to the user, and the installation method is as follows:
Find [Control Panel], open [Add / Remove Programs].
Select the [Add / Delete Windows Components] menu.
In the Windows Component Wizard, select [Certificate Service], press the [Next] button.
After the system prompts the installation, this computer cannot rename again, press the [Yes] button.
Select [Enterprise Root CA], press the [Next] button. Enter some CA identification information, press the [Next] button.
Keep the system default value, poured until you go. First create a read-only shared folder on the server.
Click [Browse] after sharing folder, open the [Browse Folder] window of the above image, select the share folder directory, press the [OK] button.
The selected CERT directory is filled in the shared folder, press the [Next] button.
Create this directory, press the [Yes] button.
The system prompts to stop the Internet information service, press the [OK] button.
Copy file, wait patiently.
After the copy is completed, the installed window appears, and press the [complete] button. After installing the certificate service, you must also make the corresponding settings in IIS to make the certificate take effect.
Fourth, IIS settings
4.1 Website released
Open IIS: Start Menu -> Program -> Administrator -> Internet Service Manager.
Right-click the computer name to pop up the drop-down menu, click New -> Web site.
Step 1: Create a new Web site, pop up the web site Creating a Wizard window, press the [Next] key;
Step 2: Fill in the site Description "WWW", press the [Next] key;
Step 3: Fill in the IP address and port and the main unit by image, press the [Next] key;
Step 4: Select the website to publish the file of the folder, press the [Next] key;
Step 5: Set the primary directory access, press the image setting, press the [Next] key;
Step 6: The site is released, press the [complete] key;
Step 7: Right click on the new site WWW to open [Properties];
Step 8: Select the [Document] property card, fill in the default file in order in the default document, and press the [OK] button.
At this point, the external network is released.
After the website is successfully released, it is also necessary to set up a server certificate.
Open the properties window of the WWW site, select the [Directory Security] property, in the secure communication area, click the [Server Certificate] button.
Popked the Web Server Certificate Wizard window, press the [Next] button.
Select [Create a new certificate], press the [Next] button.
Select [Immediately Send], press the [Next] button.
Enter a name and bit, press the [Next] button.
Fill in, press the [Next] button.
Note that the public name here must be the same as the site domain you want to publish, press the [Next] button.
Fill in, press the [Next] button.
Keep the system default value, press the [Next] button.
Press the [Next] button again.
The web server certificate is installed, press the [complete] key.
Back to [Directory Security] Properties, in the secure communication area, select [Edit]. Press the [OK] button according to the above figure.
The server certificate installation setting for the internal network is successful. Note: Be sure to fill in the SSL port: 443 port number.
Catalog Security Click [Edit]
Select only integrated Windows authentication.
Select [Integrated Windows Verification] to ensure that the website must be accessible to domain users. [OK] can be.
To this release https: // The website has been all set. Now you can try your website with https: // domain name or ip.
