How to create an HTTPS website? How to configure HTTPS service in IIS

Source: Internet
Author: User
Tags website performance
ArticleDirectory
    • How to create an HTTPS website? How to configure HTTPS service in IIS
Step 1: Start SSL in IIS
The method takes only three steps:

1. Download IIS 6.0 Resource Kit tools: http://www.microsoft.com/downloads/details.aspx? Familyid = 56fc92ee-a71a-4c73-b628-ade629c89499 & displaylang = en
2. install.
3. "All Programs-> IIS resources-> selfssl", type "selfssl" in the command line, and answer "Y", and you are done.

Now you try to access: https: // localhost in the browser. You will find a window asking if you want to accept an untrusted certificate. Select Yes, and you are in a safe channel now.

Step 2:

How to create an HTTPS website? How to configure HTTPS service in IIS

What is HTTPS?

HTTPS (Secure Hypertext Transfer Protocol) Secure Hypertext Transfer protocol.

It is composed
Netscape is developed and built in its browser. It is used to compress and decompress data and return the results uploaded and returned by the network. HTTPS actually applies the full set of Netscape.
The word Layer (SSL) serves as the child layer of the HTTP application layer. (HTTPS uses port 443 instead of using port 80 as HTTP to communicate with TCP/IP .) SSL usage 40
Bit key as RC4 Stream EncryptionAlgorithmThis is suitable for business information encryption. HTTPS and SSL support X.509 digital authentication. If necessary, you can confirm who the sender is ..

HTTPS is an HTTP channel targeted at security. It is simply a secure version of HTTP. That is, the SSL layer is added under HTTP. The Security Foundation of HTTPS is SSL. For details about encryption, see SSL.

It
Is a URI
Scheme (Abstract identifier system), syntaxes are similar to http: system. Secure HTTP data transmission. Https: the URL indicates that HTTP is used, but HTTPS is different.
The default port of HTTP and an encryption/authentication layer (between HTTP and TCP ). This system was initially developed by Netscape and provides authentication and encrypted communication methods.
It is widely used for secure and sensitive communications on the World Wide Web, such as transaction payment.

Restrictions
Its security protection relies on the correct implementation of the browser and the support of server software and actual encryption algorithms.

I
A common misunderstanding is that "bank users Use https online: they can fully protect their bank card numbers from being stolen ." In fact, the encrypted connection with the server can protect the bank card number, only the user
The connection to the server and the server itself. The server itself cannot be absolutely secure, which has even been exploited by attackers. A common example is a phishing attack that imitates the domain name of a bank. A few rare attacks are reported on the website
When customer data is lost, attackers attempt to eavesdrop the data during transmission.

Commercial websites are expected to introduce new special processing as soon as possible.ProgramTo the financial gateway, only the transfer code (transaction number) is retained ). However, they often store bank card numbers in the same database. In rare cases, databases and servers may be attacked and damaged by unauthorized users.

Before TLS 1.1
This section is only applicable to conditions before TLS 1.1. Because SSL is located at the next layer of HTTP and does not understand higher-level protocols, generally, the SSL server can only issue certificates to specific IP/port combinations. This means that it often cannot be combined with HTTP to form HTTPS on a virtual host (based on a domain name.

This point has been updated in the upcoming TLS 1.1-Domain-based virtual hosts are fully supported.

Configure SSL for Web Servers
To enable SSL in IIS, you must first obtain a certificate used to encrypt and decrypt information transmitted over the network. IIS has its own certificate request tool. You can use this tool to send Certificate requests to the Certificate Authority. This tool simplifies the process of obtaining certificates. If you are using Apache, you must obtain the certificate manually.
In
In IIS and Apache, you will receive a certificate file from the certificate authority, which must be configured on the computer. Use Apache
The sslcacertificatefile command reads the certificate from its source file. In IIS
You can use the directory security option card of the website or folder properties to configure and manage certificates.

You can migrate certificates from Apache to IIS. However, Microsoft recommends that you create a new IIS certificate or obtain a new one.

This process assumes that your site already has a certificate.

1. log on to the web server computer as an administrator.
2. Click Start, point to settings, and then click Control Panel.
3. Double-click the management tool and then double-click Internet Service Manager.
4. Select a website from the list of different service sites in the left pane.
5. Right-click the website, folder, or file for which you want to configure SSL communication, and then click Properties.
6. Click the Directory Security tab.
7. Click Edit.
8. To require SSL communication for websites, folders, or files, click require SSL ).
9. Click require 128-bit encryption to configure 128-bit (instead of 40-bit) encryption support.
10. To allow users to connect without providing a certificate, click Ignore client certificate.

Alternatively, if you want users to provide a certificate, use the client certificate.
11. to configure client ing, click Enable client certificate ing, and then click Edit to map client certificates to users.

For example
If this function is configured, You can map customer certificates to Active Directory respectively.
. You can use this function to automatically identify users based on the certificates provided when users access the website. You can map a user to a certificate (a certificate identifies a user) or map many certificates
A user (matches a specific user against the certificate list according to specific rules. The first valid match is ing .)
12. Click OK.

The following describes how to configure the required certificate file through the IIS certificate wizard. (From: it168)

Step 1: Start the IIS editor through IIS manager in "Administrative Tools.

Step 2: Right-click the default website and select "properties ". (11)
550) This. style. width = 550; If (this. Height> 550) This. style. width = (this. Width * 550)/This. height; ">

Figure 11

Step 3: click the "Directory Security" tab in the default website Properties window and click "server certificate" in the security communication area. (12)
550) This. style. width = 550; If (this. Height> 550) This. style. width = (this. Width * 550)/This. height; ">
Figure 12

Step 4: The Web server certificate wizard is automatically opened. (13)
550) This. style. width = 550; If (this. Height> 550) This. style. width = (this. Width * 550)/This. height; ">
Figure 13

Step 5: Select "New certificate" in the server certificate area, and then continue. (14)
550) This. style. width = 550; If (this. Height> 550) This. style. width = (this. Width * 550)/This. height; ">
Figure 14

Step 6: Select "Prepare certificate request now, but send it later" for the delay or immediate request ". (15)
550) This. style. width = 550; If (this. Height> 550) This. style. width = (this. Width * 550)/This. height; ">
Figure 15

Step 7: Set the Certificate Name and specific positioning length. Keep the default website name. Select 512 from the drop-down menu. (16)
550) This. style. width = 550; If (this. Height> 550) This. style. width = (this. Width * 550)/This. height; ">
Figure 16

Tip: bit length is mainly used for secure encryption. The longer the bit length, the more secure it is. However, the transmission efficiency will be affected, and the website performance will also be affected. Generally, 512 is enough.

Step 8: Enter the organization information, including the organization and department. (17)
550) This. style. width = 550; If (this. Height> 550) This. style. width = (this. Width * 550)/This. height; ">
Figure 17

Step 9: Enter localhost in the public site name window. (18)
550) This. style. width = 550; If (this. Height> 550) This. style. width = (this. Width * 550)/This. height; ">
Figure 18

Step 10: Enter the geographic information as needed. (19)
550) This. style. width = 550; If (this. Height> 550) This. style. width = (this. Width * 550)/This. height; ">
Figure 19

Step 2: Set the name of the file requested by the certificate. We can save it to the table to make it easy to use. The saved file name is certreq.txt. (20)
550) This. style. width = 550; If (this. Height> 550) This. style. width = (this. Width * 550)/This. height; ">
Figure 20

Step 2: complete the IIS certificate wizard configuration and save the corresponding certificate file to the desktop as required. (21)
550) This. style. width = 550; If (this. Height> 550) This. style. width = (this. Width * 550)/This. height; ">

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.