Setting up an SSL Security Mechanism on the IIS server

Source: Internet
Author: User

In addition to anonymous access, basic authentication, and Windows NT challenge/response, the IIS server offers a more secure form of identity authentication: the SSL (Secure Sockets Layer) security mechanism, which uses digital certificates.

On the IIS server, the SSL (encrypted socket) protocol layer sits between the HTTP layer and the TCP layer. It establishes encrypted communication between the user and the server to ensure the security of the transmitted information. SSL is based on a public key and a private key: any user can obtain the public key to encrypt data, but decrypting that data requires the corresponding private key.

When the SSL security mechanism of the IIS server is used, the client first establishes a connection with the server. The server sends its digital certificate and public key to the client. The client generates a random session key, encrypts it with the public key obtained from the server, and sends the encrypted session key to the server over the network. Because the session key can be decrypted only on the server, the client and the server now share a unique secure channel.
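The exchange described above, modeled as an added example (not from the original article and not IIS code): the client wraps a random session key under the server's public key, and both sides then encrypt with that key. The class and function names, the tiny constructed key, the unpadded RSA and the XOR keystream are assumptions for illustration only; real SSL/TLS libraries add padding, authenticated ciphers and certificate validation.

```python
"""Toy model of the session-key exchange described above. Not real SSL/TLS."""
import hashlib
import secrets

# Constructed demo key from two Mersenne primes; far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537

class Server:
    def __init__(self):
        self.n = P * Q
        self._d = pow(E, -1, (P - 1) * (Q - 1))  # private key, never sent
        self.session_key = None

    def hello(self):
        # Step 1: the public key goes to the client (inside a certificate in real SSL).
        return {"n": self.n, "e": E}

    def receive_key(self, wrapped):
        # Step 3: only the holder of the private key can unwrap the session key.
        self.session_key = pow(wrapped, self._d, self.n).to_bytes(16, "big")

class Client:
    def wrap_session_key(self, pub):
        # Step 2: random session key, encrypted with the server's public key.
        # Unpadded RSA for brevity (an assumption of this sketch).
        self.session_key = secrets.token_bytes(16)
        return pow(int.from_bytes(self.session_key, "big"), pub["e"], pub["n"])

def xor_stream(key, data):
    # Toy symmetric cipher: XOR with a SHA-256 counter keystream (encrypts and decrypts).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def run_exchange(request=b"GET /payroll HTTP/1.1\r\nAuthorization: Basic dXNlcjpwdw==\r\n\r\n"):
    # Constructed request; "wire" is everything a listener on the network would capture.
    server, client = Server(), Client()
    pub = server.hello()
    wrapped = client.wrap_session_key(pub)
    server.receive_key(wrapped)
    ciphertext = xor_stream(client.session_key, request)
    wire = [pub, wrapped, ciphertext]
    return server, client, wire, xor_stream(server.session_key, ciphertext)

if __name__ == "__main__":
    server, client, wire, recovered = run_exchange()
    print("keys match:", server.session_key == client.session_key)
```

The `wire` list holds only the public key, the wrapped session key and the ciphertext, which is all a listener on the network would capture; neither the session key nor the constructed `Authorization` header appears in it.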

After the SSL security mechanism of the IIS server is established, only SSL-enabled clients can communicate with SSL-enabled websites. When entering the URL (Uniform Resource Locator), use https:// instead of http://.

Simply put, by default the HTTP protocol we use has no encryption at all, and all messages are transmitted over the network in plain text. A malicious attacker can install a listener to capture the communication between us and the IIS server.

This hazard is especially serious on some enterprises' internal networks. An enterprise intranet built on a hub has no security at all, because anyone can see other people's network activity from their own computer. Networks built on switches face much smaller threats, but there are still many ways their security can be broken. For example, if the default user names and passwords of the switches have not been changed, anyone can set a network interface as a listener and monitor all activity on the entire network.

Therefore, fully encrypting the entire network transmission tunnel is indeed a good security measure. Unfortunately, there are not many articles on the network about configuring SSL for the IIS server, so I simply tried to share my experience with you.
