Deploy and build an https (SSL/TLS) Local test environment under IIS In Win10 System

Deploy and build an https (SSL/TLS) Local test environment under IIS In Win10 System

Sometimes we want to deploy some XX projects in the company as https sites to Encrypt transmission at the transmission layer to prevent others from sniffing important site data, the http method we use is usually plain text transmission, which is very insecure and easy to be stolen by others. In some cases, you need to build an https environment locally for testing. The following describes how to build an https test site locally.

First, go to the certificate authority to apply for a certificate for testing. There are many certification bodies, such as 1. http://www.symantec.com/zh/cn/ 2. https://www.geotrust.com/3. https://cn.globalsign.com these three have trial certificate application, Symantec is better to apply for 30 days trial, the next two a relatively short time, one application to review is very slow, so we choose Symantec.

First enter the official http://www.symantec.com such as, and then enter the SSL Certificates page, in which find try, good English can step by step application, bad can only come to Chinese.

Here Chinese application address http://www.symantec.com/zh/cn/ such

 

Then go to the following interface, you can see 30 days of trial, immediately issue information, and so on, continue.

Enter the following information. Make sure that the email is correct and can receive emails normally. Because the last issued certificate is sent to this email address, the company name must be unique, when iis generates the CSR later (how to generate the CSR will be discussed below), it also needs to fill in the same information as this. geotrust will be a poor authority, and he will not allow you to fill in the mailbox, he went to the domain name provider you applied for to get the mailbox information, that is, he must first have a domain name applied for, geotrust is a little more strict, symantec does not need to enter the email address that can receive emails normally. The name is shown in figure 4, and the company name information here may be referenced later.

After filling in the information, we will continue to ask you to apply for the CSR for the certificate signature on the following page. How can this CSR come from? Look down, name figure 5

Open iish and click server certificate

Click Create certificate application. Enter the information in the pop-up box. Note that the common name is the domain name you tested locally. The domain name is valid only when the certificate is installed on the website. The organization and organization unit information can be the same and must be consistent with the "Company Name" information shown in Figure 4. For other information, follow the normal instructions and enter the next step.

Select by region.

Next, keep a. txt file. In the. txt file, enter the CSR information in Figure 5 and copy the information to the csr information box. The following page appears.

Confirm the information. If yes, click Submit. OK. Symantec has sent the certificate information to the email address you entered. Go to the email address and check it.

The content in the email sent by Symantec is as follows: follow these three steps, but not necessarily follow this. In fact, we need to install the root certificate and intermediate certificate here, and install it in the Trusted Root Certificate of the system. Click the link in step 1 and follow the instructions.

Here we have certificates for all mainstream browsers, which are the first in a single machine. After ie is installed, chrome can be downloaded separately from other browsers.

Click to download the root certificate.

Continue under a single machine

Click the two links in the red box to copy the certificate information in the two links, and then copy the first link and save it as root. cer, the second link is copied and saved as mid. cer, save it as a. txt file, and then modify the extension. Note that the information to be copied must include.

The certificate information in the two links is about long.

----- Begin certificate -----
Miiffdccbgsgawibagi?ju3hlvgvkvsunz37mouqdanbgkqhkig9w0baqufadcb
TV0P/hcJt5CbqE7008EnPQ =
----- End certificate -----

The following root certificate and intermediate certificate are OK. How can we have three certificates here? The third one is easy to handle. Open the email address Symantec sends to you. The bottom one is the certificate you want to install in iis, it is also a copy to save it. cer format, such as the Third.

Click "server certificate", click "apply for Certificate", and then select the certificate saved in the email, that is, the third one. Do not select the wrong one.

After the import is complete, you can view it in the server certificate, and then click your site. The domain name of this site must be consistent with the domain name you entered in Symantec, then click bind, add, and select https, you do not need to fill in the host name, because you have already bound an http method. Here you do not need to fill in. Select the certificate you just imported for the certificate, so that iis is basically configured, now both http and http are supported. This is simple. Note that sometimes the https type cannot be bound, or the website cannot be started, some software may occupy port 443, run the "netstat-ano" command in cmd to check whether the process is being killed. The process is okay. If it doesn't work, restart the process. Then, do not open any software. Bind or start the process first.

Then open the site. What's wrong with this? Don't forget that the two certificates have not been installed yet. install one root certificate and one intermediate certificate.

,

Double-click the root certificate and install the intermediate certificate. Note that these two certificates must be installed in the "Trusted Root Certificate Authority", as shown in

Restart the browser after installation.

This article permanently updates the link address: