Step by step--graphical configuration IIS5 SSL secure access

Mikespook Version: 1.0 last update: 2004-12-22 16:04 Step by Step--graphical configuration IIS5 SSL secure access ... 1 write in front of ... 1 First step:       preparation work ... 1 Step two:       IIS Create certificate ... 3 Step three:       request a certificate from the certification authority ... 8 Fourth Step:       issue Certificate ... 10 Fifth Step:       Install the certificate, configure SSL. 12 Sixth step:       complete ... 14  write in the front of these days their own mall finished, ready to engage IIS5 SSL access. Looked up a circle of information, found that most articles are the same. Although the writing is very detailed, but East a hammer, west a wooden club, let me not touch the mind. Strike Strike Strike See Help directly, learn to match it. I didn't expect it to be smooth. Write an essay on this to help a friend who is as confused as I am. I'll make a pact with the readers before reading this article. I assume that you will use the mouse and keyboard and be able to perform basic operations on Windows Server (I just want to explain how to configure SSL secure access for IIS5 in this article, and I don't want to be involved in how to double-click the icon.) ）。 You also have IIS and browser installed correctly on your computer (this is the standard configuration for Windows Server, if you are using Windows version Professional, you do not have to read this article because this version does not support SSL access for IIS.) ）。 Step:    Preparation First you should have a computer of your own and need to have a mouse, keyboard, or you can access it from another computer with a mouse keyboard. Don't throw anything at me. Most servers are ^_^ without a mouse and keyboard. This computer should be installed with Windows $ Server or Windows Advance server. Other versions of Windows either do not support SSL access for IIS or are not the same as the configuration methods discussed in this article, such as the IIS6 of Windows 2003. Then there is the need to check if your computer has "Certificate Services" installed, if you haveYou can skip this step by installing the component. Click "Add/Remove Windows Components" in the "Control Panel" à "Add/Remove Programs" and locate "Certificate Services" before they are ticked. 1. Figure 1 Note that this service has two sub-options "Certificate Services Web enrollment support" and "Certificate Services Authority (CA)". These two functions need to be installed for the convenience of the period. Figure 2.   Click Next, the Windows Components Wizard will guide you through the installation of the service. The "Certification Authority Type" option appears during the installation process and it is important to select the standalone root (Figure 3). Of course, if you are in the domain, please do not continue reading. Because that's the enterprise root or enterprise subordinate root that needs to be created. Figure 3 When you have completed the installation of Certificate Services, you will have one more "certification authority" icon in your control panel à "Administrative Tools". Figure 4 the preparation is done. The second step:    IIS to create the certificate completes the above preparation and now allows IIS to request a certificate. Go to Internet Services Manager in Control Panel à administrative tools. Right click on the site you need to configure, in the pop-up menu select "Properties" (if you are the same as I use the left hand mouse, then click the left mouse button.) ）。 The 5 Properties dialog box opens. In directory security, click the Server Certificate button (Figure 6). Figure 5 Figure 6 There will be an IIS Certificate Wizard to step you through the application of the certificate (Figure 7). Figure 7 Click Next to select "Create a new certificate" and continue (Figure 8). There are two other ways to say "Assign an existing certificate" and "import a certificate from a key Manager backup file" can also correctly configure the SSL access of IIS, but it is different from the order of this question, it is not mentioned here. Figure 8 Continue to create the certificate, "Select Prepare request now, but send later". In fact, you can only choose this option, and another option, "send a request immediately to an online certification authority" is not available in most cases (Figure 9). I also did not find out when it was available, and when not to use the information. The personal guess is that if you choose xxxxxxxxxxxxx or xxxxxxxxxx When you install Certificate Services, you may be able to apply directly. If that's what I guess, then the trouble behind that can be skipped. ^_^ Figure 9 continue to "next", you will be asked to enter an easy-to-remember name to identify your certificate. You will also be asked to choose "bit Length", which is actually the encryption strength. The larger the "bit length", the safer it becomes. This is, of course, at the expense of performance (Figure 10). Figure 10 Next is the input organization and department, which will appear in your certificate and will appear when others view your certificate (Figure 11). It's better to use a legitimateName, don't forge someone else's certificate oh. For example, I entered the organization is "Mikespook & swill", the department because it is for my store application, so I enter "Xyshop". Figure 11 When you enter the site common name, be aware that it is best to use the domain name that you will bind. Otherwise, when someone visits your site and pops up the Certificate confirmation dialog box, there will be a hint with a name mismatch (Figure 12). Figure 12 then enters the geographic information (Figure 13). Figure 13 The final step is to save the generated certificate for later use (Figure 14, Figure 15, figure 16). Fig. 14 Fig. 15 Fig. 16 At this time in the C packing directory, a certificate file Certreq.txt encoded by BASE64 is saved. Of course, if you choose a different path when you save the certificate (Figure 14), it will be different. Step three:    requesting a certificate from the certification authority see "certification authority" don't be nervous, we don't have to deal with authority departments, we don't need to prepare paperwork and other cumbersome documents. Because the Certificate Services installed in the first step is our certification authority. Entering address http://localhost/CertSrv/in the browser opens the Microsoft Certificate Services page (Figure 17). Select the request certificate and click on the button "next". Figure 17 When selecting the request type, you should select Advanced request to import the IIS certificate generated in the second step (Figure 18). Figure 18 because the certificate file that you saved in the second step is BASE64 encoded, we should select either "Use BASE64 encoded PKCS #10文件提交一个证书申请, or use BASE64 encoded PKCS #7文件更新证书申请" (Figure 19). Figure "Ctrl + A", "Ctrl + C", "Ctrl + V" This is every person using MS operating system to memorize the heart of the "treasure." Use this "treasure" to copy the contents of the file generated in the second step into the text box shown in Figure 20. Figure 20 you will receive a "Certificate Pending" notification, which means that your certificate has been submitted (Figure 21). Figure 21 The fourth step:    issued the certificate and the certificate was submitted to the certification authority. Hehe, hurriedly oneself give oneself method a certificate bar. Go to "Control Panel" à "Administrative Tools" open the "certification authority" shown in Figure 3, open the "certification authority (local)" Tree on the left, and find "Pending application" (Figure 22). Figure 22
Looking at the list on the right, the certificate request you just submitted is impressively in the eye (Figure 23). What are you waiting for? You're not rushing through? Figure 23 Right-click on the certificate to be applied and the "All Tasks" item in the pop-up menu, select the subkey "issue". This "Pending request" is then transferred to "issued certificate". Under issued certificates, locate the certificate that you just made, and double-click Open. and select "Copy to File" in the "certificate" à "details" (Figure 24). Figure 24 in the Certificate Export Wizard, select any of the CER format exports, such as DER encoded binary (Figure 25). and save it as a file. We have completed a milestone in this photo. ^_^ The Fifth step: Install the certificate, configure SSL now go back to the IIS Certificate Wizard, which is under the properties of the IIS property (forget it?) See Figure 7). The "Next step" at this point has become a "pending certificate Request" (Figure 26). It is natural to select "Process pending requests and install certificates". Figure 26 Select the CER file that you just exported in Figure 22 (Figure 27). Figure 27
The next step is to complete the installation of the certificate. The certificate is then installed. The edit button that was not previously available after installing the certificate is activated (Figure 28), and clicking the Edit button opens the Secure Communication dialog box. Figure 28 Check (Figure 29) In the Secure Communications dialog box before requesting secure communications (SSL) and determine. Figure 29 in the IIS Properties dialog box under "Web site" to find "SSL port", you will find that the original unavailable text box can now be entered. Set the text box content to 433 after "OK" (Figure 30). Figure 30 The sixth step: complete Now you use HTTP (Figure 30) and HTTPS (Figure 31) to access the site you just configured, to see what is different. Figure 30 Figure 31 Yes, OK, it's done. Configuring IIS for SSL access is a breeze, as long as you're doing it step-by. hehe ~ ^_^

Step by step--graphical configuration IIS5 SSL secure Access (RPM)