How to Apply for a free ssl Certificate and enable https on IIS, sslhttps
Because the ssl certificate is involved in applet development, it took a few days.
We are very grateful to the after-sales engineers of "Asia integrity-TrustAsia ".Huang Gong (QQ2355718943 TEL: 021-58895880-663)Thanks to Ms. Cheng, the business representative of Asia integrity-TrustAsia, for providing technical support. If you have seen this article, please contact your friends who need to pay for ssl first.Ms. Cheng (QQ2489437721 TEL: 021-58895880-626 4008808600)Thank you again for your help. Also, thanks to the customer representatives of xinnet Hebei Elastic Compute service.Wei Gong (TEL: 15383219371).
1. https://freessl.org/free certificate application Asia Credit-TrustAsia's website.
2. Enter your domain name
3. Click "create free ssl certificate ".
4. Follow the relevant settings.
5. Click Generate.
6. Add a txt resolution under domain name dns resolution and fill in the following record values.
7. Wait a few minutes and click "verify" for verification. If it succeeds, it will soon become "verified ".
8. After the verification is completed, the "Certificate file" and "private key file" will appear on the page and copy the code to notepad. Record the file of the domain name.
9. Click Download Certificate under the certificate code to save the file. In this way, you can obtain the zip file containing "full_chain.pem" and "private. key.
10. Then, go to "https://myssl.com/cert_convert.html#" to perform conversion.
11. On the certificate format conversion page, select the target pem format as the original format and change it to pkcs12,
12. The certificate file is the "full_chain.pem" in the decompressed zip file or the previous "Certificate file" code.
13. The private key file is the "private. key" in the decompressed zip file or the previous "private key file" code.
14. The following "private key password" is optional. This password is required when you import the certificate.
15. Fill in the "keystore password" and confirm it. Remember the password that will be used later. (It seems that no password is required, but I did not try it .)
16. Click Submit below to get the. pfx file starting with the domain name
17. Copy the obtained file to the server, enter "mmc" in the command line, and press enter to bring up the console.
18. perform the following operations on the console: file, add/delete Management Unit, available management unit, certificate, add, and OK.
19. In the Certificate Management Unit, select "Computer Account" and click "Next ".
20. In the select computer window, select "Local Computer (computer running this console)" prompt: This is the default "and then" complete ".
21. The console will become.
22. Open certificate personal certificate, right-click all tasks in the blank window on the right to import...
23. This page is not available. Go to the next step and Click Browse at the file name to find the directory where the certificate is stored. Here is a note, the file type below must be changed to "Personal Information Exchange (*. pfx ;*. p12) ", so that we can find the file we previously converted.
24. Enter the password in the received window. The password here refers to the "keystore password" we entered when converting the certificate format. Next step.
25. Select "in the window to store all certificates in the following storage" certificate store "and select" individual ". Then, click Next and complete.
26. Three new certificates will be added to the certificate window on the console, one with the same name as the applied domain name.
27. Select the "DigiCert Global Root CA" and "TrustAsia tls rsa ca" certificates and right-click them to cut them to the "Intermediate Certificate Authority" certificate. (If you have previously performed this operation, replace the original two certificates. The deadline for these two certificates will be extended to the new date .) Note: DigiCert Global Root CA is the Root certificate, which is strictly put under the "Trusted Root Certificate Authority". To keep it beautiful, you can delete it.
28. Now, the certificate application and installation are complete. Then IIS8 enables https settings.
29. Exit the console program and open the IIS manager.
30. On the website where you need to activate https and apply for the ssl certificate, select "bind".
31. On the "website binding" Page, select "https" in the "add website binding" window, and select your certificate for the ssl certificate below. If multiple websites coexist, you need to check the "require server name indication". Otherwise, the same certificate will be used for all sites.
32. Click OK in the last step.
Then you can access your https site. I have no other options here, in order to use http and https. For more information, see Baidu.