Set up SSL on the IIS server

xiaoxiao2021-03-05  29

How to set up SSL on a web server

Update Date: April 20, 2004


Objectives

The objectives of this chapter are to:

Obtain an SSL certificate.

Install the SSL certificate on the IIS server.

Configure a virtual directory to require SSL.


Applies to

This chapter applies to the following products and technologies:

Microsoft Windows® XP or Windows 2000 Server (Service Pack 3) and later operating systems

Microsoft Internet Information Services 5.0

Microsoft Certificate Services (if you need to generate your own certificate)


How to use this chapter

To get the most out of this chapter:

You must have experience configuring IIS.

If you want to generate your own certificate, you must have access to a certification authority (CA), such as Microsoft Certificate Services.

If you do not want to generate your own certificate, you must decide which commercial certification authority to request an SSL certificate from. Most CAs charge for this service.

Read Chapter 4, "Secure Communication." It introduces SSL and its most common uses.


Summary

Secure Sockets Layer (SSL) is an encryption technology that provides authentication, confidentiality, and data integrity. SSL is most commonly used to establish a secure communication channel between Web browsers and Web servers. It can also be used between client applications and Web services.

To support SSL communication, the Web server must be configured with an SSL certificate. This chapter describes how to obtain an SSL certificate and how to configure Microsoft® Internet Information Services (IIS) so that Web browsers and other client applications can communicate with it securely using SSL.


Generate a certificate request

This procedure creates a new certificate request that can be sent to a certification authority (CA) for processing. If successful, the CA will send you a file containing a valid certificate.

To generate a certificate request:

1. Start the IIS Microsoft Management Console (MMC) snap-in.

2. Expand the Web server name, and select the Web site where you want to install the certificate.

3. Right-click the Web site, and then click Properties.

4. Click the Directory Security tab.

5. Click the Server Certificate button under "Secure communications" to start the Web Server Certificate Wizard.

Note: If Server Certificate is unavailable, you have probably selected a virtual directory, directory, or file. Return to step 2 and select a Web site.

6. Click Next to move past the welcome dialog box.

7. Click "Create a new certificate", and then click Next.

8. This dialog box has two options:

"Prepare the request now, but send it later". This option is always available.

"Send the request immediately to an online certification authority". This option is available only if the Web server can access one or more Microsoft certificate servers in a Windows 2000 domain that are configured to issue Web server certificates. Later in the request process, you are given the opportunity to select the authority to send the request to from a list.

Click "Prepare the request now, but send it later", and then click Next.

9. Type a descriptive name for the certificate in the Name field, type a bit length for the key in the "Bit length" field, and then click Next. The wizard uses the name of the current Web site as the default name. The name is not used in the certificate; it is a friendly name that helps administrators identify it.

10. Type an organization name (for example, Contoso) in the Organization field, type an organizational unit (for example, Sales Department) in the Organizational unit field, and then click Next.

Note: This information is placed in the certificate request, so make sure it is accurate. The CA verifies this information and places it in the certificate. Users browsing your Web site will want to see this information to decide whether to accept the certificate.

11. In the "Common name" field, type the common name for your site, and then click Next.

Important: The common name is one of the most significant pieces of information in the certificate. It is the DNS name of the Web site (that is, the name users type when they browse to your site). If the certificate name does not match the site name, a certificate problem is reported when users browse to your site.

If your site is on the Web and is named www.contoso.com, this is the common name you should specify.

If your site is internal and users browse by computer name, enter the computer's NetBIOS or DNS name.

12. Enter the appropriate information in the Country/Region, State/province, and City/locality fields, and then click Next.

13. Enter a file name for the certificate request.

The file contains information similar to the following.

-----BEGIN NEW CERTIFICATE REQUEST-----
MIIDZJCCAS8CAQAWGYOXNJA0BGNVBAMTLW1PENJVY2TSYXB0B3AUBM9YDGHHBWVY ...
-----END NEW CERTIFICATE REQUEST-----

This is a Base64-encoded representation of your certificate request. The request contains the information entered into the wizard, together with your public key and information signed with your private key.

You send this request to the CA. The CA then uses the public key information in the certificate request to verify the information signed with your private key. The CA also verifies the information supplied in the request.

After you submit the request to the CA, the CA sends back a certificate in a file. You then restart the Web Server Certificate Wizard.

14. Click Next. The wizard displays a summary of the information contained in the certificate request.

15. Click Next, and then click Finish to complete the request process. The certificate request can now be sent to the CA for verification and processing. After you receive a certificate response from the CA, you can use the IIS Certificate Wizard again to continue installing the certificate on the Web server.
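An added example (not part of the original chapter): a Python check to run on the saved request file before it is pasted into the CA's web form, confirming that the Base64 PKCS #10 text is complete and that its common name is the DNS name users will type. It does not verify the request's signature; the function names and the sample request are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.*?)"
                    r"-----END (?:NEW )?CERTIFICATE REQUEST-----", re.S)
CN_OID = bytes.fromhex("550403")  # id-at-commonName (2.5.4.3)

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos) for the DER element at pos
    (tag, length), pos = buf[pos:pos + 2], pos + 2  # ValueError if header is cut off
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated request: DER element runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yield (tag, value) for each element nested directly inside
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def common_name(pem_text):
    """Return the subject common name carried in a Base64 PKCS #10 request."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("BEGIN/END marker missing: request was not copied whole")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    tag, request, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("outer element is not one complete DER SEQUENCE")
    _, info = next(children(request))            # CertificationRequestInfo
    _, (_, subject) = list(children(info))[:2]   # skip version, take subject Name
    for _, rdn in children(subject):             # Name -> RDN sets -> attributes
        for _, attr in children(rdn):
            (_, oid), (vtag, val) = list(children(attr))[:2]
            if oid == CN_OID:
                return val.decode({0x0C: "utf-8", 0x1E: "utf-16-be"}.get(vtag, "latin-1"))
    raise ValueError("request has no common name")

def name_matches(pem_text, site_name):  # True if CN equals the name users will type
    return common_name(pem_text).lower() == site_name.lower()

def tlv(tag, body):  # short-form DER encoder, used only to build the sample
    return bytes([tag, len(body)]) + body

# Constructed sample, not a real request: the key and signature are empty.
sample_name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, CN_OID) + tlv(0x13, b"www.contoso.com"))))
sample_info = tlv(0x30, tlv(0x02, b"\x00") + sample_name + tlv(0x30, b"") + tlv(0xA0, b""))
sample_b64 = base64.b64encode(tlv(0x30, sample_info + tlv(0x30, b"") + tlv(0x03, b"\x00"))).decode()
SAMPLE = f"-----BEGIN NEW CERTIFICATE REQUEST-----\n{sample_b64}\n-----END NEW CERTIFICATE REQUEST-----\n"
```

A request that lost its last lines in the copy step fails with a ValueError instead of being submitted, and a common name of www.contoso.com is reported as a mismatch for a site that users reach as contoso.com.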


Submit a certificate request

This procedure uses Microsoft Certificate Services to submit the certificate request generated in the previous procedure.

To submit a certificate request:

1. Use Notepad to open the certificate request file generated in the previous procedure, and copy its entire contents to the clipboard.

2. Start Internet Explorer and navigate to http://hostname/certsrv, where hostname is the name of the computer running Microsoft Certificate Services.

3. Click "Request a certificate", and then click Next.

4. On the Choose Request Type page, click Advanced request, and then click Next.

5. On the Advanced Certificate Requests page, click "Submit a certificate request using a base64 encoded PKCS #10 file", and then click Next.

6. On the Submit A Saved Request page, click in the "Base64 Encoded Certificate Request (PKCS #10 or #7)" text box, and press CTRL+V to paste the certificate request you copied to the clipboard earlier.

7. In the Certificate Template combo box, click Web Server.

8. Click Submit.

9. Close Internet Explorer.


Issue the certificate

To issue the certificate:

1. Start the Certification Authority tool from the Administrative Tools program group.

2. Expand your certification authority, and then select the Pending Requests folder.

3. Select the certificate request you just submitted.

4. On the Action menu, point to All Tasks, and then click Issue.

5. Confirm that the certificate is displayed in the Issued Certificates folder, and then double-click it to view it.

6. On the Details tab, click Copy to File, and save the certificate as a Base-64 encoded X.509 certificate.

7. Close the properties window for the certificate.

8. Close the Certification Authority tool.


Install the certificate on the Web server

This procedure installs the certificate issued in the previous procedure on the Web server.

To install the certificate on the Web server:

1. Start Internet Information Services, if it is not already running.

2. Expand your server name, and select the Web site where you want to install the certificate.

3. Right-click the Web site, and then click Properties.

4. Click the Directory Security tab.

5. Click Server Certificate to start the Web Server Certificate Wizard.

6. Click "Process the pending request and install the certificate", and then click Next.

7. Enter the path and file name of the file that contains the response from the CA, and then click Next.

8. Examine the certificate overview, click Next, and then click Finish.

The certificate is now installed on the Web server.


Configure resources to require SSL access

This procedure uses Internet Services Manager to configure a virtual directory to require SSL for access. You can require SSL for specific files, directories, or virtual directories. Clients must use the HTTPS protocol to access any such resource.

To configure resources to require SSL access:

1. Start Internet Information Services, if it is not already running.

2. Expand your server name and Web site. (This must be the Web site where the certificate has been installed.)

3. Right-click a virtual directory, and then click Properties.

4. Click the Directory Security tab.

5. Under "Secure communications", click Edit.

6. Click "Require secure channel (SSL)". Clients must now use HTTPS to browse to this virtual directory.

7. Click OK, and then click OK again to close the Properties dialog box.

8. Close Internet Information Services.

