Configure Certificate Server and HTTPS Access Web site under Windows server R2

Directory

• Configuring the Environment
• Understanding HTTPS
• Configuring the CA Certificate Server
• Create a new sample Web site and publish it in IIS
• Create a new self-signed certificate and configure HTTPS
• Trouble shooting
  • Other machines cannot be accessed by

Configuring the Environment

Windows version: Windows Server R2 Enterprise

Service Pack 1

System type: 64-bit operating system

Understanding HTTPS

Why do I need HTTPS?

When we browse the site, most of the site's URLs are HTTP, HTTP protocol we are familiar with, the information transmitted through the plaintext;

The use of HTTP protocol has its advantages, it and the server transfer data between faster and more accurate;

But HTTP is obviously unsafe, and we can also notice that when we use email or pay online, we use HTTPS;

HTTPS transmits data by using a certificate and encrypting the transmitted information, which is more secure relative to HTTP.

Http://zh.wikipedia.org/wiki/HTTPS

Http://www.ruanyifeng.com/blog/2011/02/seven_myths_about_https.html

Configuring the CA Certificate Server

Start menu--Administration Tools--Server Manager

Select the left Tree menu role node, right-click Add role

Tick "Active Directory Certificate Services", click the Week "Next" button

Click on the "Next" button

Clicking the "Next" button will bring up the "Add Roles Wizard" interface.

Click the "Add Required Role Services" button

Click on the "Next" button

Specify the installation type, select "Enterprise", click the "Next" button,

"Enterprise" requires a domain environment

"Standalone" does not require a domain environment

Select "Root" and click "Next" button

Select "New Private Key" and click "Next" button

Select cryptographic service provider: "Rsa#microsoft software Key Storage privoider"

Key word character length: "2048"

Select the hash algorithm for the signing certificate issued by this CA: SHA1

Then click on the "Next" button

It's best not to change the name, just click "Next" button

Direct "Next" button

Here is the certificate database and the address of the log, by default path can be, and then click the "Next" button

Click on the "Next" button to request the IIS server

Tick the required items on the run ASP, and click the "Next" button

Click on the "Install" button

When you are prompted to install successfully, click the "Close button"

Create a new self-signed certificate and configure HTTPS

Select the IIS root node, locate the server certificate in the features view, and enter

Locate the previously configured CA, "Adserv-porschev-ca", and click "Create self-signed certificate"

Enter a friendly name for the self-signed certificate you want to create

To re-add a Web site to IIS

Binding type: Https

Port number default is 443, can not modify

SSL Certificate Select the newly created self-signed certificate and click "OK".

Run the "Default.aspx" page in IIS with the following effect

Click "Continue to browse this website", successfully display the content, HTTPS configuration success!!

Click "Certificate Error" on the browser prompt and "View Certificate".

The value issued to this item is: "Porschev.adserv.com"

Access to some websites can also be accessed via url:https://porschev.adserv.com:8000/

Trouble shooting

Use Https://porschev.adserv.com:8000/on other machines to access the sample site, as

There are two possible causes:

1.DNS Specifying a problem

Workaround: In cmd window PINGporschev.adserv.com, get IP address

Turn your computer's preferred DNS address for local connections into a porschev.adserv.com corresponding IP

2. Issues with inbound rules

Workaround: Build an allowable inbound rule for Port 8000, and follow the steps below

Start---> Administrative Tools---> Windows Firewall with Advanced Security---> Left tree menu select "Inbound Rules"---> Right-click "New Rule"

---> Rule type Select ports, click Next---> Protocols and Ports---> select "TCP", enter the port number of your website for a specific local port (example: 8000), click Next

---> Next until the name---> enter a custom name (example: 8000 Allow rule), click Done.

Then enter the URL above to access the site normally.

Configure Certificate Server and HTTPS access Web sites under Windows Server R2