"Go" CA certificate request +IIS configuration https+ default Access HTTPS path

This article is not original, original address: https://www.cnblogs.com/lichunting/p/9274422.html

A CA Certificate Request

(a). New STARTSSL Registered Account

1. STARTSSL official website

Official website: https://www.startssl.com/

2. After entering the STARTSSL, click on the registered account directly and then go to the email registration page.

3. Click Send verification code, go to the following page, get the verification code from the mailbox, and fill in the specified location, click on Sign up.

4. Once you have successfully verified your email address, STARTSSL will automatically install the only personal certificate in your browser that belongs to your own management Startssl.

5. To view the SSL certificate in the browser, you can see that the Personal Management SSL certificate is valid.

6. Click on the Login Now button for the Certificate Installation Success page or return to the STARTSSL website and click "Login" to log in with your personal credentials.

7. This is the user control center of Startssl.

(b). Request STARTSSL Free SSL

1. Go to the STARTSSL User Management Center and find the free SSL Certificate Request page.

2. Before this first verify a domain name using this certificate, will send the verification code to the domain name registration mailbox, click Validations Wizard, and select the first one, click Continue.

3. Enter the domain name you want to verify click Continue.

4. Select a management mailbox under the domain name, send a verification code, and enter the obtained verification code to verify the domain name.

5. Once the domain verification is complete, the domain name verification is displayed on the right side of the User Admin Center page.

6. Go to the STARTSSL User Management Center and find the free SSL Certificate Request page.

7. Click to enter the following page, and enter the domain name you need to obtain the certificate, here is the level two domain name.

8. Then fill out the certificate signing request as shown in. In this case, you need to fill out the certificate signing request to IIS on the server that is deploying HTTPS.

9. Log on to the server, open IIS, have a server certificate on the right side of the IIS root, and click Open.

10. Click on the right to create a certificate request.

11. Click Next, encrypt the provider and bit the length of the two selected.

12. Select the location of the desktop and create a file named Key.txt.

13. Click Finish to generate the certificate signing request string on the desktop and copy the contents of the file into the CSR Fill box in step 8.

14. Click Submit and the certificate will be generated and you can click here to download the generated certificate.

(iii). STARTSSL free SSL Download use

1. Here is the Startssl free SSL tool Box, which has several very useful features, one is the certificate list, the decryption key, and the generated pkcs#12 file.

2. Click on the Certificate List menu under Tool box to view the list of certificates you have requested.

3. Click Retrieve, or you can download the generated certificate.

4. Download the STARTSSL free SSL certificate package, which contains four packages that correspond to different web environments: Apache, Nginx, Windows IIS, and others.

Two IIS configures HTTPS (one). Complete the certificate request, import the certificate

1. Log on to the server, open IIS, have a server certificate on the right side of the IIS root, click Open, click Finish Certificate request.

2. In the downloaded certificate, copy the certificate from the IIS compression package to the server table name, and specify the certificate file with the domain name to click OK.

3. Click OK to view the imported certificate information at the end of the list.

4. Right-click View to view information about the certificate, the domain name that was filled in when the certificate was issued, and you can see that you have a private key that corresponds to the certificate.

5. At this point, the certificate import succeeds.

(ii). Deploying HTTPS Web Sites

1. On the IIS home page, right-click Site menu, add site.

2. Click OK to launch the site and see if the site was published successfully.

3. Bind the certificate to the Web site to use HTTPS. Locate the Web site that we need to deploy, and in the Server site column, click Bind.

4. Then we click Add, add select HTTPS, default to 443 port, and select the certificate you just imported click OK.

5. As shown, the binding is complete.

6. If the add succeeds. Open the corresponding Web site, find the SSL server certificate, you will find a certificate (the option to enable is optional, before the gray).

7. The site domain name is then accessed using the HTTPS protocol, and the HTTPS protocol is displayed as green, and the HTTPS Web site is successfully deployed.

Note

A. : Allow access to ports on the Windows Firewall of the server that is configured for HTTPS 443 (default to 443 port when binding https).

B. When you configure an HTTPS Web site, port 443 is not occupied.

Three Default access to HTTPS path (one). IIS installation URL Rewrite module

1. IIS7.5.

Chinese 32-bit:

Http://download.microsoft.com/download/4/9/C/49CD28DB-4AA6-4A51-9437-AA001221F606/rewrite_x86_zh-CN.msi

Chinese 64-bit:

Http://download.microsoft.com/download/4/E/7/4E7ECE9A-DF55-4F90-A354-B497072BDE0A/rewrite_x64_zh-CN.msi

English:

Http://www.iis.net/downloads/microsoft/url-rewrite

2. Install the IIS7.5 URL rewrite component.

3. After the download installation is complete, you will find that our IIS interface has more than one URL rewrite component.

4. Note: URL rewriting is the only way to achieve full-site HTTP jump https.

So, before you deploy, Please check the Web site root directory if there is a Web. config file, if so, please back up the Web. config file here, because the following configuration May and Web. config jump conflict, personal suggestions are directly deleted processing, after all, the old do not go to the new not to come, hahaha (recommended first backup).

(ii). IIS Editing Inbound Rules

1. Double-click URL Rewrite to open and click Add Rule.

2. Name fill Redirect to HTTPS, use regular expression, mode fill (. *).

3. Next, select Add condition. The first {HTTPS} matches the pattern ^off$, and the second fill {https_host} does not match the pattern ^ (localhost).

4. Action type Select redirect, and then select Properties for https://{http_host}/{r:1} redirection type Select 303.

5. The last step, check the next point to save.

6. Then, we use the browser to access the site, directly enter xxx.xxx.com or http://xx.xxx.com or https://xxx.xxx.com are access https://xxx.xxx.com, which means that the configuration URL rewrite succeeded.

7. The corresponding configuration in Web. config.

"Go" CA certificate request +IIS configuration https+ default Access HTTPS path