Principle:
I will post a detailed explanation about SSL:
SSL BasicsTo protect the security of sensitive data during transmission, many well-known enterprises around the world adopt the SSL (Security Socket Layer) encryption mechanism. SSL is a security and confidentiality protocol proposed by Netscape. It is used in browsers (such as Internet Explorer and Netscape Navigator) and Web servers (such as Netscape Enterprise Server and ColdFusion Server) secure channels are constructed between them for data transmission. SSL runs on the TCP/IP layer and under the application layer to provide encrypted data channels for applications. It uses encryption algorithms such as RC4, MD5, and RSA, A 40-bit key is used to encrypt business information. At the same time, Netscape developed the HTTPS protocol and built it into its browser. HTTPS is actually SSL over HTTP, which uses the default port 443, instead of using port 80 as HTTP to communicate with TCP/IP. The HTTPS protocol uses SSL to encrypt the original data on the sender and then decrypt the data on the receiver. encryption and decryption require the sender and receiver to exchange the common key. Therefore, the transmitted data is not easily intercepted and decrypted by network hackers. However, the encryption and decryption process requires a large amount of system overhead, seriously reducing the performance of the machine. the test data shows that the efficiency of data transmission over HTTPS is only one in 10 of the data transmission over HTTP. If SSL technology is enabled for all web applications of a website for security and confidentiality, and the HTTPS protocol is used for transmission, the performance and efficiency of the website will be greatly reduced, this is not necessary because not all data requires such a high level of security and confidentiality. Therefore, we only need to use HTTPS protocol for interaction and processing of confidential data, in this way, both the fish and the bear's paw can be achieved.
========================================================== ============================
Implementation:
You need to install the Certificate Server, apply for a certificate on the server where IIS is located, and install it. 1. Install the Certificate Server. on the server, add/delete programs, Windows Components, find the Certificate Server, and install it. Restart and check whether the service is started. 2. You need to apply for a certificate for the IIS server: In the IIS web site attributes, Directory Security, certificate, apply for server certificate, at this time, if the Certificate Server is online, you can directly apply. Then, edit the certificate and select "enable SSL" You can use the HTTPS protocol in your browser. This is the basic situation. |
