Apply for a free certificate
Http://www.startssl.com/
You can only apply for a one-year free certificate of Class 1.
After the application is completed, import the PLF certificate to the server certificate in IIS manager at the same level as the "start page" machine-> function view->. Then, go to the web site under the website, instead of a virtual path. There is a "binding" in the right operation, and set certificate binding.
Virtual Path-functional view-SSL settings. Select "require SSL" to force the certificate.
From the perspective of users, SSL certificates are divided into four types
Class1 (Domain Validation): only verifies the ownership of the domain name.
Class2 (personal validation): verifies the real identity of an individual in addition to the ownership of the domain name.
Class3 (Organization validation): verifies the identity of the operator, that is, Enterprise Authentication.
EV (extended verification): Some enterprise data verification except the identity of the operator.
For large e-commerce enterprises, class3 ev-level certificates are generally used to ensure the user's identity and gain the user's trust.
P.s. There are two types of certificates: common CA certificates and third-party certificates (EV certificates ). The general certificate has only one yellow lock in IE, And the EV certificate lock has text next to it. Which company has verified the domain name.
In IE7, opera 9.5, Firefox 3, and later browsers, the URL for installing the EV certificate is green in the address bar.
Color Description
Red indicates that the certificate has expired, is invalid, or has an error.
Yellow cannot verify the certificate or the identity of the certificate authority that issues the certificate. This may indicate a problem with the Certificate Authority's website.
The white certificate has been properly verified. This indicates that the communication between the browser and the website is encrypted. The Certificate Authority has not made any statement on the commercial conduct of the website.
Green this certificate uses extended verification. This indicates that the communication between the browser and the website is encrypted, and the certificate authority has confirmed that the website is owned or operated by an enterprise, the Enterprise is legally organized according to the permissions displayed on the certificate and security status bar. The Certificate Authority has not made any statement on the commercial conduct of the website.
If you try to use both secure (https/SSL) and insecure (HTTP) Web server connections to display elements, a prompt box will pop up in IE, And the chrom HTTPS will be warned with a red slash. In this case
Change the following to a relative path or Use https to connect directly. The dialog box is unfriendly.
-
- Image
-
- Style Sheet stylesheet
-
- Script File JS
- IFRAME
-
- ...
For our normal website, we only need the class1 certificate.
Of course, you can also issue an SSL certificate to yourself, but the certificate you issue is not supported by the browser, and every access will have a security prompt, because you are not a trusted Certificate Authority, from the current Trusted Root Certificate Authority, only startssl provides a free SSL certificate, of course, only class1, other levels all cost money, but it doesn't matter. We only need class1.
Open Https://www.startssl.com
Register a new user Https://www.startssl.com /? APP = 11 & Amp; Action = regform
After registration, you can log on to your mailbox to activate your account.
Note: startssl does not verify your identity using the user name and password. Instead, it issues you with an independent certificate to verify your identity. Please keep your certificate safe.
Apply for a certificate
Log on to startssl, click "validations wizard", select "Domain Name validation", enter your domain name, select the suffix and continue, and you will be prompted to verify the domain name owner through which email address. Generally
Postmaster@im286.com
Hostmaster@im286.com
Webmaster@im286.com
××× @ ××. Com (email in the Domain Name contact information)
Click "continue" and enter the verification code in the received email to verify the domain name. Note that the verification validity period for the domain name is one month. If you want to apply for a certificate again after one month, you need to verify it again.
After verifying the domain name, click certificates wizard and select "Web Server SSL/TLS certificates". Next, enter the private key password (a minimum of 10 characters, a maximum of 32 characters, and only numbers and letters are allowed, if you have a CSR file, skip this step .)
Copy the generated private key to notepad and save it. Do not make any changes. Next, you will be prompted to select the domain name, that is, the domain name you have verified. Next, enter the second-level domain name. Next, OK.
Wait for them to issue the key. It is best to decrypt your private key during the waiting period, because this private key is encrypted. If you use this key directly, when starting the web server, you must enter the private key password.
click" tool box ", select" decrypt Private Key ", and enter your private key and password. Then, save the decrypted key as SSL. key.