This article does not attempt a comprehensive, systematic description of how to configure an IIS server securely. It explains in detail only how to set up the SSL security mechanism for the IIS server, which is of great significance for protecting IIS servers.
In addition to anonymous access, basic authentication, and Windows NT Challenge/Response, the IIS server offers a more secure form of identity authentication: the SSL (Secure Sockets Layer) security mechanism, which uses digital certificates. SSL sits between the HTTP layer and the TCP layer and establishes encrypted communication between users and servers to ensure the security of transmitted information.
SSL is based on a public key and a private key. Anyone can obtain the public key and use it to encrypt data, but decrypting that data requires the corresponding private key.
When the SSL security mechanism is used, the client first establishes a connection with the IIS server. The IIS server sends its digital certificate, along with the public key, to the client. The client generates a random session key, encrypts it with the public key obtained from the server, and sends the encrypted session key to the server over the network. Because the session key can be decrypted only on the server, the client and the server establish a unique secure channel.
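The exchange described above can be reproduced with the .NET cryptography classes from PowerShell 5 or later. This is an added example, not code from the original article; the function names, variable names and the sample request are hypothetical.

```powershell
using namespace System.Security.Cryptography

# Simplified model of the exchange above. A real SSL/TLS handshake also validates
# the certificate chain and integrity-protects every record it sends.
function Protect-Message([byte[]]$Key, [string]$Text) {
    $aes = [Aes]::Create(); $aes.Key = $Key; $aes.GenerateIV()
    $plain = [Text.Encoding]::UTF8.GetBytes($Text)
    $data = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    [pscustomobject]@{ IV = $aes.IV; Data = $data }
}

function Unprotect-Message([byte[]]$Key, $Message) {
    $aes = [Aes]::Create(); $aes.Key = $Key; $aes.IV = $Message.IV
    $plain = $aes.CreateDecryptor().TransformFinalBlock($Message.Data, 0, $Message.Data.Length)
    [Text.Encoding]::UTF8.GetString($plain)
}

# Server side: the key pair. Only the public half travels in the certificate.
$serverRsa = [RSACryptoServiceProvider]::new(2048)
$certPublicKey = $serverRsa.ExportParameters($false)   # $false = no private parameters

# Client side: import the public key, create a random session key, encrypt it.
$clientRsa = [RSACryptoServiceProvider]::new()
$clientRsa.ImportParameters($certPublicKey)
$sessionKey = [byte[]]::new(32)
[RandomNumberGenerator]::Create().GetBytes($sessionKey)
$wrappedKey = $clientRsa.Encrypt($sessionKey, [RSAEncryptionPadding]::OaepSHA1)

# A party holding only the public key (the client itself, or an eavesdropper)
# cannot reverse the operation: Decrypt throws without the private key.
try {
    $null = $clientRsa.Decrypt($wrappedKey, [RSAEncryptionPadding]::OaepSHA1)
    'UNEXPECTED: session key recovered without the private key'
} catch {
    'Public key alone cannot recover the session key'
}

# Server side: the private key recovers the same session key.
$serverKey = $serverRsa.Decrypt($wrappedKey, [RSAEncryptionPadding]::OaepSHA1)

# Both ends now share one symmetric key for the rest of the conversation.
$request = Protect-Message -Key $sessionKey -Text 'GET /account HTTP/1.1'  # constructed sample
Unprotect-Message -Key $serverKey -Message $request
```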
After the SSL security mechanism is established, only SSL-enabled clients can communicate with SSL-enabled websites. When entering the URL (Uniform Resource Locator), use https:// instead of http://.
Simply put, the HTTP protocol we use has no encryption by default, and all messages are transmitted over the network in plain text. A malicious attacker can install a listener to capture the communication between us and the server.
This hazard is especially serious on some enterprises' internal networks. An enterprise intranet built on hubs has no security at all, because anyone can see other people's network activity from their own computer. On networks built with vswitches, the security threats are much smaller.
However, there are still many security weaknesses. For example, if the default user name and password of the vswitch have not been changed, someone can set their network interface as a listener and monitor all activity on the entire network.
Therefore, fully encrypting the entire network transmission tunnel is indeed a good security measure. Unfortunately, there are not many articles online about configuring SSL for the IIS server, so I will simply try to share my experience with you.