Configuring a digital certificate on the IIS side

xiaoxiao2021-03-06  62

1. Generate a self-signed root certificate

openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem -days 3650 -config e:/openssl-0.9.6h/apps/openssl.cnf

Enter the following information:

PEM pass phrase: this is the password for the private key; remember it after you enter it.

Then you need to enter the following information:

Country Name: CN // two-letter country code

State or Province Name: guang dong // province name

Locality Name: guang zhou // city name

Organization Name: Sunrising // company name

Organizational Unit Name: Home // department name

Common Name: BESUNNY // your name (when generating a server-side certificate, you must enter a domain name or IP address)

Email Address: Be-sunny@163.com // email address

Copy cakey.pem to out32dll/demoCA/private, and copy cacert.pem to out32dll/demoCA.

Note: I use the openssl.cnf provided by OpenSSL, and openssl.exe is in out32dll.

2. Generate the certificate request certreq.txt with IIS Web Server

Open IIS Web Server -> Site Properties -> Directory Security -> Server Certificate -> Create a new certificate -> Prepare the request now, but send it later ->

Name and Security Settings: Name: Server, Bit length: 1024

Organization Information: Organization: Sunrising, Organizational unit: Home

Your Site's Common Name: the website's domain name (or the IP address of the server)

Geographical Information: Country: CN, State/province: Guang Dong, City: Guang Zhou (Note: these must be the same as in the root certificate generated above, otherwise an error occurs when signing)

This generates certreq.txt.

Copy certreq.txt to out32dll.

3. Sign the certificate request with your own CA

openssl ca -in certreq.txt -out server.pem -config e:/openssl-0.9.6h/apps/openssl.cnf

Convert the PEM-format certificate to X509 format:

openssl x509 -in server.pem -out server.cer

4. Import the server certificate

Open IIS Web Server -> Site Properties -> Directory Security -> Server Certificate -> Process the pending request and install the certificate -> select the generated server.cer

5. Generate a client certificate

openssl req -newkey rsa:1024 -keyout clikey.pem -out clireq.pem -days 365 -config e:/openssl-0.9.6h/apps/openssl.cnf

Enter the following information:

PEM pass phrase: this is the password for the private key; remember it after you enter it.

Then you need to enter the following information:

Country Name: CN // two-letter country code

State or Province Name: guang dong // province name

Locality Name: guang zhou // city name

Organization Name: Sunrising // company name

Organizational Unit Name: Home // department name

Common Name: Client // your name (when generating a server-side certificate, you must enter a domain name or IP address)

Email Address: Be-sunny@openssl.cn // email address

A challenge password: 123456 // certificate protection password

An optional company name: Sunrising //

Sign the request:

openssl ca -in clireq.pem -out client.crt -config e:/openssl-0.9.6h/apps/openssl.cnf

Generate a certificate in PKCS12 format:

openssl pkcs12 -export -clcerts -in client.crt -inkey clikey.pem -out client.p12

Install the trusted root

Rename cacert.pem to cacert.cer. In IE on the client, use Tools -> Internet Options -> Content -> Certificates -> Import to import the CA root certificate we generated, making it a CA the user trusts.

Install the personal certificate

Import client.p12 into IE on the client as a personal certificate.

This completes the whole process.
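The note in step 2 that the geographic fields must match the root certificate comes from the default policy_match section of openssl.cnf, which `openssl ca` applies when signing in steps 3 and 5. The following pre-flight check is an added example, not part of the original article or of OpenSSL; the function names, the subject-line format and the host name www.example.test are assumptions made for illustration.

```python
import re

# Default [policy_match] section of the openssl.cnf shipped with OpenSSL.
POLICY_MATCH = {
    "C": "match", "ST": "match", "O": "match",
    "OU": "optional", "CN": "supplied", "emailAddress": "optional",
}

def parse_subject(line):
    """Parse 'subject=C = CN, ST = guang dong, ...' into a dict.

    Assumption: one value per attribute, commas inside a value are
    backslash-escaped (single-line `openssl x509 -noout -subject` style)."""
    line = re.sub(r"^subject\s*=\s*", "", line.strip())
    fields = {}
    for part in re.split(r"(?<!\\),", line):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip().replace("\\,", ",")
    return fields

def check_policy(ca_subject, req_subject, policy=POLICY_MATCH):
    """Return the policy problems expected to make signing fail."""
    ca, req = parse_subject(ca_subject), parse_subject(req_subject)
    problems = []
    for attr, rule in policy.items():
        if rule == "optional":
            continue
        if attr not in req:
            problems.append(f"{attr}: missing from request")
        elif rule == "match" and req[attr] != ca.get(attr):
            # This example compares exactly, so case differences count.
            problems.append(f"{attr}: request {req[attr]!r} != CA {ca.get(attr)!r}")
    return problems

# Constructed subject lines; the CA values are those entered in step 1.
CA_SUBJECT = "subject=C = CN, ST = guang dong, L = guang zhou, O = Sunrising, OU = Home, CN = BESUNNY"
GOOD_REQ = "subject=C = CN, ST = guang dong, L = guang zhou, O = Sunrising, OU = Home, CN = www.example.test"
# Same request, but the province and city are capitalised differently.
BAD_REQ = "subject=C = CN, ST = Guang Dong, L = Guang Zhou, O = Sunrising, OU = Home, CN = www.example.test"

if __name__ == "__main__":
    for name, req in (("good", GOOD_REQ), ("bad", BAD_REQ)):
        print(name, check_policy(CA_SUBJECT, req) or "ok")
```

Only the province is reported for the second request: the locality (L) is not listed in policy_match, so a difference there does not block signing.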
