Configure HTTPS in IIS

Source: Internet
Author: User

This is a summary of what I learned a long time ago. The blog was empty, so I am writing it down.

1. Certificate Service

(1) Install the Certificate Service.

(2) Certificate Service publishing site: there is generally a virtual directory named certsrv under the default web site. If not, find the physical directory named certsrv and add it as a virtual directory of the default site on port 80.

(3) The client requests a certificate through the web: http://<server IP address or domain name>/certsrv

(4) Server-side certificate issuance: CA console | Pending Requests | right-click the target → All Tasks → Issue

(5) Install the certificate on the client: on the certificate application home page, check the pending certificate.

(6) The client uses the certificate console to manage the certificate: export the public key of the certificate.

(7) Send the public key to the communications partner: the partner uses the public key to encrypt data, and the recipient uses the private key to decrypt it.

2. SSL Secure Access to IIS

(1) Generate a certificate request file

① In the IIS console, open the properties page of the site to be encrypted | "Directory Security" tab | click "Server Certificate" to start the "IIS Certificate Wizard".

② Select the "New certificate" option, click "Next", and select "Prepare certificate request now, but send it later". Enter a name for the certificate in the "Name" field and select the key's bit length in the "Bit length" drop-down list. Note that the bit length cannot be set too large; otherwise, the communication quality will be affected. Then set the certificate's organization, department, and geographical information, enter the domain name of the website in the site's "Common name" field, and specify the location where the certificate request file is saved; here, the text file of the certificate request is saved in "". The certificate request file is now generated.

(2) Apply for an IIS website certificate

In the IE address bar, enter "http://<server IP address or domain name>/certsrv". In the "Microsoft Certificate Service" welcome window, click the "Apply for a certificate" link, then click the "Advanced certificate application" link under the certificate application types. In the advanced certificate application window, click the "Submit a base64-encoded CMC or PKCS #10 file ..." link, copy the contents of the certificate request file D:/my_ssl.txt into the "Saved Request" input box, and click "Submit".

(3) Issue an IIS website Certificate

(4) Download the certificate from the client

On the certificate application home page, check the pending certificate. Click the download link to download the certificate to your local device as certnew.cer.

(5) Import the certificate in IIS

On the "Directory Security" tab of the IIS manager, click the "Server Certificate" button. In the "Pending Certificate Request" dialog box that appears, select the "Process the pending request and install the certificate" option, click "Next", and specify the exported certnew.cer file. Then specify the port used by SSL. We recommend that you use the default "443". Click "Finish".

(6) Configure the IIS server

Importing the certificate does not by itself enable SSL encryption on the IIS website. You need to configure the IIS site:

① Find "SSL port" on the "Web Site" tab. The text box that was previously unavailable can now be edited. Set its content to 443 and click "OK".

② On the "Directory Security" tab, click the "Edit" button in the "Secure communications" section, select the "Require secure channel (SSL)" and "Require 128-bit encryption" options, and click "OK".

③ Click the "Edit" button in the "Authentication and access control" section, clear the "Enable anonymous access" and "Integrated Windows authentication" options in the dialog box, select the "Basic authentication" option, and click "OK".

********** Notes **********

1. The client accesses the encrypted website using the HTTPS protocol, for example, https://10.76.133.1:443. Because 443 is the default SSL port number, it can be omitted.

2. If you want HTTP and HTTPS to exist together, that is, the website can be accessed both encrypted and unencrypted, then skip sub-steps ② and ③ of step (6) "Configure the IIS server": do not require a secure channel, and leave "Enable anonymous access" as it is. HTTP access then uses port 80, while HTTPS access uses port 443.
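
A check to run from a client once the steps above are finished, as an added example that is not part of the original post: it reads the certificate the site actually presents on the SSL port and probes port 80 to see whether plain HTTP is still served. It is written in PowerShell and needs .NET Framework 4.6 or later; the host name is a placeholder, and the function names are chosen for this example.

```powershell
# Added example, not from the original post.
$HostName = 'www.example.test'   # assumption: replace with your site's domain name
$Port     = 443                  # the SSL port set in step (6) ①

function Get-ServerCertificate([string]$HostName, [int]$Port) {
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented so it can be inspected; trust is checked below.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        [pscustomobject]@{ Cert = $cert; Protocol = $ssl.SslProtocol }
    } finally { $tcp.Close() }
}

function Get-PlainHttpStatus([string]$HostName) {
    $req = [System.Net.WebRequest]::Create("http://$HostName/")
    $req.AllowAutoRedirect = $false
    try { $resp = $req.GetResponse() }
    catch { $resp = $_.Exception.GetBaseException().Response }   # 4xx/5xx still carry a response
    if ($null -eq $resp) { return $null }                        # port 80 not reachable
    try { [int]$resp.StatusCode } finally { $resp.Close() }
}

$r     = Get-ServerCertificate $HostName $Port
$cert  = $r.Cert
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$rsa   = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

[pscustomobject]@{
    Subject       = $cert.Subject
    Issuer        = $cert.Issuer
    # The name entered as the common name in step (1) ② should equal the host name used by clients.
    NameMatches   = ($cert.GetNameInfo('DnsName', $false) -eq $HostName)
    KeyBits       = if ($rsa) { $rsa.KeySize } else { $null }
    ExpiresInDays = [int]($cert.NotAfter - (Get-Date)).TotalDays
    # True only if this client trusts the issuing CA's root certificate.
    ChainTrusted  = $chain.Build($cert)
    Protocol      = $r.Protocol
    HttpStatus    = Get-PlainHttpStatus $HostName
} | Format-List
```

With "Require secure channel (SSL)" selected, IIS answers plain HTTP requests with status 403; a 200 or 401 in `HttpStatus` means the site is still reachable unencrypted on port 80, as in note 2.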
