SSL stands for "Secure Sockets Layer". Its Chinese name is "Secure Sockets Layer Protocol Layer", which is a WEB application-based security protocol proposed by Netscape. SSL enables high-intensity encryption of email content to prevent hackers from listening to your communication content or even your password.
First, let's introduce SSL. The full name of SSL is "Secure Sockets Layer", and the Chinese name is "Secure Sockets Layer Protocol Layer", which is Netscape) the security protocol proposed by the company based on WEB applications. The SSL Protocol can be divided into two layers: SSL Record Protocol (SSL Record Protocol): it is built on a reliable transmission Protocol (such as TCP, provides data encapsulation, compression, encryption, and other basic functions for high-level protocols. SSL is short for Security Socket Layer. It is technically called Secure Socket. It can be a simple encrypted communication protocol. SSL can be used to encrypt communication (including email) content at high strength, to prevent hackers from listening to your communication content or even your password.
So what is the significance of using SSL on Xml Web Service? Xml Web Service transmits data in Xml format, while Xml is a plain text, which is transmitted through TCP/IP at the transmission layer. The transmission of TCP/IP may be illegally monitored, hackers can easily Parse Xml data, intercept information, or even tamper with data, which makes Xml Web Service insecure in data transmission. SSL can be used to encrypt the original Xml with high strength, effectively preventing unauthorized interception and tampering of data during transmission.
The following describes how to use SSL on Xml Web Service. To use SSL, a digital certificate is required. You can purchase this certificate commercially or use the certificate generated by your own CA, it only requires some additional work. Generally, if your network service is used for the cooperation interface between enterprises, you can use the certificate generated by your own CA, but financial institutions such as banks, their user base is relatively large, and it is best to purchase certificates. This article only describes how to use your CA to generate an SSL certificate.
1. Install the Certificate Authority
Both windows 2003 Standard Edition and Server Edition contain components of the Certificate Authority, but are not installed by default. To apply for a certificate, you must install the certificate authority component. Installation Method:
Open Control Panel-Add/delete programs, select Add/delete windows Components, insert windows installation CD, select "Certificate Service", and click "Next. After the installation is successful, you can go to the next step to apply for an SSL certificate.
2. Apply for an SSL Certificate
To set SSL for a Web Service, you must set the Web Service as a website instead of a virtual directory.
First, open IIS, right-click the website where the web service is located, click Directory Security, select "server certificate" in security communication, click Next, select "New Certificate", and click Next, select "Prepare certificate request now, but send it later", click Next, enter any certificate name, and set the default length to 1024. The longer the length, the better the confidentiality, however, the worse the performance is. Click Next, enter the Organization and department, and click Next. The following page is displayed:
Note: The public name must be the domain name used to access the website. For example, if you want to use the following address to access Web Service, https: // 192.168.1.179 /.., enter "192.168.1.179" here. Otherwise, an insecure certificate will be prompted, resulting in site access failure. After you set this step, click next.
In the IE Address Bar, enter "http: // localhost/certsrv/default. asp. On the page that appears, select apply for a certificate to go to the next page and select Advanced Certificate Application ", on the next page, select "submit a certificate application using Base64-encoded CMC or PKCS #10 files, or use a PKCS #7 file to renew a certificate application". On the next page, enter the base64 code in the file generated in the previous step. The saved attribute can be empty. Just click next.
Next, you need to work through the Certificate Authority to issue the certificate you just applied for, click Start-management tools-Certificate Authority, select the application you just applied for, right-click the certificate you just applied, select "issue", select the issued certificate, click the issued certificate, select details, and click "Copy to file" to save the certificate to a file.
Next, go back to IIS settings, on the site of the network service, click the server certificate again, select "process pending requests and install" Certificate, select the Certificate file you just exported, and then click Next. After installing the certificate, click "Directory Security"> "Secure Communication"> "edit" to check "require secure channel (SSL. In this way, the SSL settings are completed. After selecting SSL, you must use https to access the website. The port used to access the website also uses the SSL port, which is 443 by default, if you cannot access the site normally, check whether the server firewall prohibits access to SSl port 443. Another point is that it is a certificate generated by your CA. If you want others to access the network service over https, you need to do some additional work, import the CA root certificate to the trusted organization of the client certificate, and the client can access the network service normally.