SSL + IIS Settings Overview

Source: Internet
Author: User
IIS, the most common Web server, is built into the Windows network operating system. In the system's default configuration, however, IIS transmits data over HTTP in clear text without any encryption, so important data in transit is easily stolen. That is not good enough for sites with high security requirements. To keep important data safe, IIS also provides SSL encryption, and the following describes how to use the SSL encryption mechanism on an IIS server.

Generate Certificate Request file

Using Windows Server 2003 (Windows 2003) as the example, the author describes how to apply the SSL encryption mechanism on an IIS6 server. To create a digital certificate for an IIS Web site, you must first generate a certificate request file for the site with the Web Server Certificate Wizard. Open Control Panel → Administrative Tools → Internet Information Services (IIS) Manager. In the IIS Manager window, expand the Web Sites directory, right-click the Web site that will use SSL encryption, select Properties from the pop-up menu, and switch to the Directory Security tab. Then click the "Server Certificate" button. In the IIS Certificate Wizard window, select the option to create a new certificate and click Next. Select "Prepare the certificate request now, but send it later", enter a name for the certificate in the Name field, and choose the key length in the "Bit length" drop-down list. Note that the bit length cannot be set too large, otherwise it will affect the quality of communication. Then set the certificate's unit, department, and geographic information, enter the site's domain name in the "Common name" field, and specify where to save the certificate request file; here the author saves the request text file as "D:\certreq.txt". This completes the generation of the certificate request file.

Apply for an IIS Web site certificate

Once the certificate request file has been generated, you can start applying for the IIS Web site certificate. This process requires Certificate Services, which Windows 2003 does not install by default and which must be added manually.

Install Certificate Services

Run Add or Remove Programs in Control Panel and switch to the Add/Remove Windows Components page. In the Windows Components Wizard dialog box, select the Certificate Services option, then select the CA type (here the author selects "Standalone root CA") and name the CA server. It is recommended that you keep the default value of 5 years for the validity period of the certificate. After you have specified the locations of the certificate database and the certificate database log, the installation of Certificate Services is complete.

With Certificate Services installed, you can begin to apply for the IIS Web site certificate. Run Internet Explorer and enter "http://localhost/CertSrv/default.asp" in the address bar. In the "Microsoft Certificate Services" welcome window, click the "Apply for a certificate" link, click the "Advanced Certificate Request" link under the certificate request type, and in the Advanced Certificate Request window click the "Submit using BASE64-encoded CMC or PKCS#10 file" link. Copy the contents of the certificate request file (here stored in "D:/certreq.txt") into the "Saved application" input box, and finally click the "Submit" button.

Issue IIS Web site certificate

Although the application for the IIS Web site certificate has been submitted, the certificate is still in a pending state and must be issued before it takes effect. In Control Panel → Administrative Tools, run the Certification Authority program. Expand the directory in the left pane of the Certification Authority window, select the Pending Requests directory, locate the certificate you just requested in the right pane, right-click it, and select "All Tasks → Issue".

Then click the "Issued Certificates" directory, open the certificate you just issued, and switch to the Details tab in the Certificate dialog box. Click the "Copy to File" button to open the Certificate Export dialog box, click Next, and specify the file name in the "File to export" field (here the author saves the certificate as "D:/cce.cer"). Finally, click "Finish".

Import IIS Web site certificate

On the Directory Security tab in IIS Manager, click the "Server Certificate" button. In the "Pending Certificate Request" dialog box that appears, select the "Process the pending request and install the certificate" option, click "Next", and specify the location of the IIS Web site certificate file that you just exported. Then specify the port used by SSL (the default "443" is recommended), and finally click the "Finish" button.

Configure IIS Server

Importing the certificate does not by itself enable SSL encryption on the IIS Web site; the IIS server still needs to be configured.

On the Directory Security tab, click the "Edit" button in the Secure communications area, select the "Require secure channel (SSL)" and "Require 128-bit encryption" options, and finally click the "OK" button.

Then click the "Edit" button in the "Authentication and access control" area. In the dialog box, clear the "Enable anonymous access" and "Integrated Windows authentication" options, select the "Basic authentication" option, and finally click the "OK" button.

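One way to confirm from the server's own logs that the settings above took effect, given as an added example that is not part of the original article: it reads an IIS W3C extended log and reports plain-HTTP requests that were refused with 403.4 (SSL required), served anyway, or carried an authenticated user name, which under Basic authentication means the password crossed the network base64-encoded but unencrypted. The log lines, addresses and function name are constructed for illustration, and the code assumes W3C extended logging with the fields shown in the `#Fields:` line.

```python
# Constructed sample log (not real traffic); spaces inside fields are logged as '+'.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-03-01 09:00:01 192.0.2.10 GET /default.asp - 80 - 198.51.100.7 Mozilla/4.0 403 4 5
2005-03-01 09:00:05 192.0.2.10 GET /default.asp - 443 - 198.51.100.7 Mozilla/4.0 401 2 5
2005-03-01 09:00:09 192.0.2.10 GET /default.asp - 443 alice 198.51.100.7 Mozilla/4.0 200 0 0
2005-03-01 09:02:30 192.0.2.10 GET /report.asp - 80 alice 198.51.100.9 Mozilla/4.0 200 0 0
"""


def audit_ssl_enforcement(log_text, ssl_port="443"):
    """Summarise requests that reached the site on a port other than the SSL port."""
    fields = []
    report = {"refused_plain_http": 0, "served_without_ssl": [], "cleartext_logins": []}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                           # truncated or malformed row
        row = dict(zip(fields, values))
        if row["s-port"] == ssl_port:
            continue                           # request arrived over SSL
        if row["sc-status"] == "403" and row.get("sc-substatus") == "4":
            report["refused_plain_http"] += 1  # 403.4: "Require secure channel" is working
            continue
        if row["sc-status"][0] in "23":
            # Content was delivered without SSL: the requirement is missing on this path.
            report["served_without_ssl"].append((row["cs-uri-stem"], row["c-ip"]))
        if row["cs-username"] != "-":
            # A user name on a non-SSL port means Basic credentials were sent unencrypted.
            report["cleartext_logins"].append((row["cs-username"], row["c-ip"]))
    return report


if __name__ == "__main__":
    for key, value in audit_ssl_enforcement(SAMPLE_LOG).items():
        print(key, value)
```

Any entry under `cleartext_logins` is a reason to change that account's password as well as to fix the SSL requirement on the affected path.
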
SSL Security Encryption mechanism

SSL (Secure Sockets Layer) is a secure communication protocol introduced by Netscape. It sits between the HTTP protocol layer and the TCP protocol layer and provides strong protection for credit card and personal information. SSL establishes an encrypted channel between the client and the server so that transmitted data cannot be illegally stolen, and the SSL encryption mechanism is based on the use of digital certificates.

After the SSL encryption mechanism is applied, communication with the IIS server proceeds as follows. First, the client establishes a connection with the IIS server, and IIS sends its digital certificate and public key to the client. The client then uses this public key to encrypt its session key and passes it to the IIS server, which decrypts it with its private key on receipt. This creates a secure data channel between the client and the IIS server, and only clients allowed by the IIS server can communicate with it.
