Sometimes want to put some of the company's XX project to the HTTPS site, is to encrypt transmission in the transmission layer to prevent others to sniff the site important data information, usually we use the HTTP method is plaintext transmission is very insecure, easy to be stolen by others. And sometimes you have to set up a local HTTPS environment for testing, the following look at the specific local build HTTPS test site.
First go to the certification authority to apply for a certificate for testing, many certification bodies, such as 1.http://www.symantec.com/zh/cn/2.https://www.geotrust.com/3.https://cn.glob Alsign.com These three have a trial certificate application, Symantec better apply for 30 days trial, after two a relatively short time, a request to review very slow, so we choose Matic.
First enter the official http://www.symantec.com such as, and then into the SSL Certificates page, in the inside find try, English good can step by step application, bad can only come to Chinese.
Here Chinese application address http://www.symantec.com/zh/cn/such as
Then enter the following interface, you can see the trial for 30 days, immediately promulgated information, such as continue.
Fill in the following information, note that the e-mail to fill in the correct and can normally receive mail, because the last issue of the certificate issued to this mailbox, the company name is also unique, the following IIS generated CSR (how to generate CSR below will say) also to fill out the same information, geotrust an authority is very pit dad, He does not let you fill in the mailbox, he is to you apply for a good domain name business to pick up the mailbox information, is to have a good domain name, geotrust slightly stricter, Symantec this does not have to fill in the normal mail to receive the mailbox on the line, named as Figure 4, may be quoted here information company name information.
After filling in, continue to the following interface to request your certificate signing application CSR How does this CSR come down and look down and name Figure 5
Open Iish This location click Server Certificate
Click Create certificate request, pop-up box fill in the information, here to note that the common name is your local test domain name, the last site installation certificate is only valid for this domain name. Organization and organizational unit information as can be and to the previous figure 4 on the "Company name" information consistent line, the other according to the normal fill, fill in the next step.
Follow the these drawings selection.
Then the next step to maintain a. txt file, the. txt file is to fill in the CSR information in Figure 5, the information is copied into the CSR information box, continue to appear the following interface
Confirm the information, yes click Submit, OK successful, Symantec sent the certificate information to your previous fill in the mailbox, quickly go to the mailbox to see it.
Open Symantec Email content is this, follow these three steps, but also do not necessarily follow this, in fact, here to do two things to install root certificate, and intermediate certificate, and installed in the system's trusted root certificate, click on the link in Step1, follow this.
Here are all the main browser certificate, single-machine first, finally installed Ie,chrome Basic can be other browsers do not download separately.
Click to download the root certificate.
Continue under stand-alone
Respectively, click on the red box two links, respectively, two links inside the certificate information copy to come out, and then the first copy of the link to save as Root.cer, the second copy of the link to save as Mid.cer, first saved as a. txt file after the extension can be changed, Note that copies of the information must be copied to include--------this stuff.
The certificate information in those two links is probably that long.
-----BEGIN CERTIFICATE-----
Miiffdccbgsgawibagiqfju3hlvgvkvsunz37mouqdanbgkqhkig9w0baqufadcb
tv0p/hcjt5cbqe7008enpq==
-----END CERTIFICATE-----
such as the next root certificate and intermediate certificate is OK, here is how there are three, the third good to do, open Symantec sent you the mailbox the most below is the certificate you want to install into IIS, but also copy to save him. A CER form, such as a third.
Or click on the server certificate, then click Finish Certificate Request, and then select the certificate saved in the message, that is, the third one, do not choose the wrong AH.
After the import is completed can be viewed in the server certificate, and then click on your site, the domain name of this site and you in the domain name of Symantec to match, and then click on the binding, add, and then choose HTTPS, host name do not fill, because it has been bound to an HTTP way, here do not fill in, The certificate selects the certificate you just imported, so that IIS is basically configured, now HTTP and HTTP are all supported, it is so simple, note that sometimes binding HTTPS type binding is not, or the site can not get up so may be some software occupies 443 port, cmd input netstat- Ano see that process under the use of kill him, basically OK, really do not restart, and then do not open any software, first bind or start should be on the line.
Then open the site, the pit dad this How, don't forget before those two certificates have not installed it, a root certificate, an intermediate certificate, install it
,
Double-click Root certificate installation, and then, when you install intermediate certificates, note that both certificates are installed in trusted Root certification authorities, such as
Restart the browser after each installation.
Deploying HTTPS (SSL/TLS) local test environments under WIN10 system IIS