With the increasing emphasis on network security, many websites that provide web services, such as securities and banking sites, have stopped serving pages over insecure HTTP and instead use SSL-encrypted HTTPS. Let's take a look at how this is implemented.
Glossary:
HTTP: Hypertext Transfer Protocol;
HTTPS: Secure Hypertext Transfer Protocol;
SSL: Secure Sockets Layer, an international standard encryption and identity authentication communication protocol. It was initially developed by Netscape and later became a standard for secure communication and transactions on the Internet. The SSL protocol uses client certificates and CA root certificates from both parties so that client/server applications can communicate in a way that cannot be eavesdropped on, establishing a secure and trusted communication channel between both parties. It has the following basic features: information confidentiality, information integrity, and mutual authentication.
Environment:
Windows 2000 Server/Windows 2003 Server (taking Windows 2003 Server as an example)
I. Component Installation
1. Install IIS 6.0 and the certificate service components through "Control Panel - Add or Remove Programs - Add/Remove Windows Components";
2. If everything is installed properly, you can view the server certificate information through "Control Panel - Administrative Tools - Certificate Authority".
II. Apply for a Certificate
1. Create a new certificate application;
Open "Control Panel - Administrative Tools - Internet Information Service (IIS) Manager", right-click the default Web site, select "Properties", and click the "Directory Security" tab. Under "Secure Communication", click "Server Certificate (S)..." to open the wizard dialog box.
2. Select "New certificate (C)", click "Next", then "Next" again, enter the name "MySoft", select the length "1024", and click "Next";
3. The system displays the "Organization" and "Organizational unit" input boxes. Enter the relevant information and click "Next". The "common name of the site" page appears; keep the default value. Click "Next", select the "Country", "Province", and "City", and click "Next";
4. On the "certificate request file name" page, choose the file name and storage location. Keep the default value here;
5. Click "Next" and then "Finish" to complete the certificate request.
III. Generate the crt Certificate File
1. Visit "http://localhost/certsrv/" to submit the certificate request you just created to the Certificate Authority;
2. Select "apply for a certificate - Advanced Certificate Application - submit a certificate application using a base64-encoded CMC or PKCS #10 file, or submit a renewal request using a base64-encoded PKCS #7 file";
3. Open the "certreq.txt" file you just generated, copy its content, paste it here, and click "Submit";
4. You can see that the certificate request has been received and that its current status is pending;
5. Go back to the "Control Panel - Administrative Tools - Certificate Authority" component and click the "pending application" node to view your request;
6. Right-click the certificate and select "All Tasks - Issue" from the menu. The certificate moves to the "issued certificates" node.
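Before the contents of certreq.txt are pasted into the form in step 3 above, it is worth confirming what the request actually asks for. The following Python code is an added example, not part of the original walkthrough: it reads the base64 PKCS #10 request and reports the common name and RSA key length. The 2048-bit threshold is an assumption of this example (it is the minimum that public CAs currently accept), so the 1024-bit length chosen in section II is flagged as weak. All function names are hypothetical, and sample_request builds a constructed request with a dummy key.

```python
import base64

CN_OID = bytes.fromhex("550403")  # 2.5.4.3, commonName

def tlv(buf, pos=0):
    """Read one DER element at pos: (tag, content bytes, next position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split a constructed element's content into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = tlv(content, pos)
        out.append((tag, val))
    return out

def inspect_csr(text):
    """Return the common name and RSA key size asked for in a PEM PKCS #10 request."""
    b64 = "".join(l.strip() for l in text.splitlines() if not l.startswith("-----"))
    info = children(children(tlv(base64.b64decode(b64))[1])[0][1])  # version, subject, key, attrs
    cn = None
    for _, rdn in children(info[1][1]):                 # subject: SEQUENCE of SETs
        for _, atv in children(rdn):
            (_, oid), (tag, val) = children(atv)
            if oid == CN_OID:                           # 0x1E is BMPString (UTF-16BE)
                cn = val.decode("utf-16-be" if tag == 0x1E else "utf-8", "replace")
    bit_string = children(info[2][1])[1][1]             # subjectPublicKey BIT STRING
    modulus = children(children(bit_string[1:])[0][1])[0][1]  # [1:] skips unused-bits byte
    bits = int.from_bytes(modulus, "big").bit_length()
    return {"common_name": cn, "rsa_bits": bits, "weak_key": bits < 2048}

def der(tag, *parts):  # DER encoder, used only to build the constructed sample
    body = b"".join(parts)
    n = (len(body).bit_length() + 7) // 8
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | n]) + len(body).to_bytes(n, "big")
    return bytes([tag]) + head + body

def sample_request(bits, cn):
    """Constructed input: PKCS #10 layout with a dummy modulus and signature, not a real key."""
    key = der(0x30, der(0x02, b"\x00" + b"\xc3" * (bits // 8)), der(0x02, b"\x01\x00\x01"))
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")), der(0x05))
    name = der(0x30, der(0x31, der(0x30, der(0x06, CN_OID), der(0x13, cn.encode()))))
    info = der(0x30, der(0x02, b"\x00"), name, der(0x30, alg, der(0x03, b"\x00" + key)), der(0xA0))
    pem = base64.encodebytes(der(0x30, info, alg, der(0x03, b"\x00" * 5))).decode()
    return "-----BEGIN NEW CERTIFICATE REQUEST-----\n" + pem + "-----END NEW CERTIFICATE REQUEST-----\n"
```

To check a real request, pass the text of certreq.txt to inspect_csr; a result with weak_key set means the request should be regenerated with a longer key before it is submitted.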
IV. Apply the Certificate
So far, the certificate has been requested and issued successfully. Next, let's see how to enable it.
1. Access "http://localhost/certsrv/" and select "view pending Certificate Application Status - saved application certificate". Select "Base 64 encoding" and download the certificate to your local device. The file name is "certnew.cer";
2. Open "Control Panel - Administrative Tools - Internet Information Service (IIS) Manager", right-click the default Web site, select "Properties", and click the "Directory Security" tab. Under "Secure Communication", click "Server Certificate (S)..." to open the wizard dialog box, and click "Next";
TIPS: The wizard dialog box for this operation is different from the previous one.
3. Select "process pending requests and install Certificates" and click "Next". Add the downloaded certificate file "certnew.cer", then click "Next" and "Next" again to complete the wizard;
4. View the certificate and edit the certificate;
5. Select "Edit" to open the settings dialog box. Be sure to check "require secure channel (SSL) (R)" and click "OK" to complete the final setting.
V. Start Using
So far, we have completed all the settings required for a secure Web site. However, when we access the site page "http://localhost/" again, an error message is displayed: "This page must be viewed through the security channel".
Access the site over HTTPS instead: "https://localhost/". A certificate security alert is displayed. After "Yes" is selected, the page we need is displayed.