Step by step-Configure SSL secure access for iis5

Step by step -- graphic configuration of iis5 SSL Secure Access Author: mikespook version: 1.0 last updated: Step by Step -- graphic configuration of iis5 SSL secure access... 1 written in front... 1 Step 1: Prepare... 1 Step 2: Create a certificate in IIS... 3. Step 3: apply for a certificate from the certificate authority... 8 Step 4: issue a certificate... 10 Step 5: Install the certificate and configure SSL. 12 step 6: complete... 14. I wrote it in the previous few days in my own mall, preparing to engage in iis5 SSL access. I checked a circle of data and found that most Article They are exactly the same. Although I wrote it in great detail, I couldn't touch my mind. Come on! Come on! Come on! Let's look at help and learn how to configure it. I didn't expect the benefit to be very good. I tried it again. Write an article to help friends who are as confused as me. Before reading this article, I will make an agreement with the reader. I suppose you will use the mouse and keyboard and be able to perform basic operations on Windows 2000 Server (I just want to explain in this article how to configure SSL secure access for iis5, I don't want to mention how to double-click the icon .). At the same time, IIS and browsers are correctly installed on your computer (this is the standard configuration of Windows 2000 server. If you are using Windows 2000 Professional, you do not need to read this article, this version does not support SSL access from IIS .). Step 1: You should first have your own computer, and you need a mouse, keyboard, or you can access it from other computers with a mouse and keyboard. Do not throw me something. Most servers have no mouse or keyboard. Windows 2000 Server or Windows 2000 advance server must be installed on this computer. In other versions of Windows, iis ssl access is not supported, or the configuration methods discussed in this article are different, such as Windows 2003 IIS6. Then you need to check whether your computer has installed the "Certificate Service". If you have installed this component, you can skip this step. Add/delete in "Control Panel" à" Program ", Click" Add/delete Windows components ", find" Certificate Service ", and check before it. 1. Figure 1 note that this service has two sub-options: "Certificate Service web registration support" and "Certificate Service Authority (CA )". For convenience, both functions must be installed. Figure 2. Click Next. The "Windows component wizard" will guide you through the installation of the service. The "Certificate Authority type" option appears during installation. You must select an independent root (Figure 3 ). Of course, if you are in a domain, please do not continue reading. This is because you need to create an enterprise root or enterprise root. Figure 3 after "Certificate Service" is installed, an "Certificate Authority" icon appears in your "Control Panel" à "Administrative Tools. Figure 4 Preparation ends here. Step 2: After IIS has created the certificate, you can now request IIS to apply for the certificate. Go to "Internet Service Manager" in "Control Panel" à "Administrative Tools ". Right-click the site you want to configure and select "properties" in the pop-up menu. (If you are using the left-hand mouse like me, click the left mouse button .). In this case, the "attribute" dialog box in step 5 is displayed. In "Directory Security", click "server certificate" (figure 6 ). Figure 5 Figure 6 then the "IIS certificate wizard" will prompt you step by step to complete the certificate application (figure 7 ). Figure 7 click "Next" and select "Create a new certificate" and continue (figure 8 ). You can also use the other two methods to "assign an existing certificate" and "import a certificate from the key Manager Backup File" to correctly Configure SSL access for IIS, however, the order of this question is different. I will not repeat it here. Figure 8 continue to create the certificate. "select to prepare the request now, but send it later ". In fact, you can only select this option. The other option "send requests to an online certificate authority immediately" is not available in most cases (figure 9 ). I have not found any information available or unavailable. My personal guess is that if you select xxxxxxxxxxxxxxx or xxxxxxxxxx when installing the "Certificate Service", you may apply directly here. If I guess this is the case, I can skip the troublesome processes. Pai_^ Figure 9 goes on to "Next" and asks you to enter a name that is easy to remember to identify your certificate. At the same time, you will be asked to choose "bit length", which is actually the encryption strength. The larger the bit length, the safer it is. Of course this is at the cost of performance (Figure 10 ). Figure 10 enter the Organization and department, which will appear in your certificate and be displayed when others view your certificate (figure 11 ). It is better to use a valid name. Do not forge others' certificates. For example, the organization I entered is "mikespook & swill", and the department applied for it for my mall, so I entered "xyshop ". Figure 11 when entering a public site name, it is best to use the domain name you will bind. Otherwise, when someone else visits your site and the certificate confirmation dialog box is displayed, a prompt indicating that the name does not match is displayed (figure 12 ). Figure 12 follows the input Geographic Information (figure 13 ). The last step in Figure 13 is to save the generated certificate for later use (Figure 14, figure 15, and figure 16 ). Figure 14 figure 15 16 at this time, a certificate file named certreq.txt with base64characters is saved in the C root directory. Of course, if you select another path when saving the certificate (Figure 14), it will be different. Step 3: apply for a certificate from the "Certificate Authority" to see the "Certificate Authority". We do not need to deal with any authoritative departments, but do not need to prepare complicated documents such as application documents. Because the "Certificate Service" installed in the first step is our "Certificate Authority ". Enter the address http: // localhost/certsrv/in the browser to go to the "Microsoft Certificate Service" Page (figure 17 ). Select Apply for certificate and click "Next ". Figure 17 select "advanced application" when "select Application Type" to import the IIS certificate generated in step 2 (Figure 18 ). Figure 18 because the Certificate file saved in step 2 is base64 encoded, we should select "submit a certificate application using the base64 encoded PKCS #10 file, or use the base64 encoded PKCS #7 file to update the certificate application "(figure 19 ). Figure 19 "Ctrl + A", "Ctrl + C", and "Ctrl + V" are typical examples of Ms operating systems ". Copy the content of the file generated in step 2 to the text box shown in Figure 20. Figure 20 now you will receive a notification of "certificate suspension", which means that your certificate has been submitted (Figure 21 ). Figure 21 Step 4: After the certificate is issued, the certificate is submitted to the Certificate Authority ". Hehe, hurry up and give yourself a certificate. Go to "Control Panel" à "Administrative Tools" open "Certificate Authority" as shown in figure 3, open the "Certificate Authority (local)" tree on the left, and find "application to be determined" (Figure 22 ). Figure 22

View the list on the right. The certificate application just submitted is displayed (figure 23 ). What are you waiting? Are you sure you want to pass? Figure 23 Right-click the certificate to be applied, select "all tasks" in the pop-up menu, and select the subitem "issue ". This "pending application" will be transferred to the "issued certificate. Under "issued Certificate", find the certificate you just issued and double-click to open it. In "certificate" à "details", select "Copy to file" (figure 24 ). Figure 24 in the certificate export wizard, select any CER format for export, for example, Der-encoded binary (figure 25 ). And save it as a file. Figure 25 OK. At this point, we have completed another milestone. ^_^ Step 5: Install the certificate and configure SSL now go back to the "IIS certificate wizard" under the IIS properties (forgot? See Figure 7 ). At this time, the "Next" has changed to "pending certificate requests" (figure 26 ). Naturally, you have selected "process pending requests and install Certificates. Figure 26 select the CER file exported in Figure 22 (figure 27 ). Figure 27

Click "Next" to install the certificate. Then the certificate is installed. After the certificate is installed, the "edit" button that cannot be used is activated (Figure 28). Click "edit" to open the "Secure Communication" dialog box. Figure 28 in the "Secure Communication" dialog box, select and confirm the "apply for secure communication (SSL)" section (figure 29. Figure 29 find "SSL port" under "web site" in the "IIS properties" dialog box, and you will find that the text box that was previously unavailable can now be entered. Set the text box content to "OK" after 433 (figure 30 ). Step 6 of Figure 30: Now you can access the site you Just configured using HTTP (figure 30) and HTTPS (figure 31) to see what is different. Figure 30 fig 31 well, OK, complete. As long as you perform this step by step, it is easy to configure SSL access for IIS. Haha ~ Pai_^