2012 Click the linkDeploying HTTPS security sites for Windows server2012
A no-nonsense graphics tutorial that teaches you to build the CA server step-by, and to have IIS enable HTTPS services.
First, set up a Certificate Server (CA service)
1. In the System Control Panel, locate "Add/Remove Programs", click "Add/Remove Windows Components" on the left, find "Certificate Services" in the list and install them.
2.CA type, there are four options, described here as "standalone root CA".
3.CA identifying information, here you can name your CA server.
4. Certificate database settings, to save the relevant database and log files of the certificate, this default is OK.
5. Once the installation is complete, you can open the certification authority in the Control Panel-administrative tool, which is used for auditing certificates, which is mentioned later.
6. After the installation is complete, in IIS, three more related directories are added, where "CERTSRV" is the page of the certificate request.
7. Open the corresponding page, you can see as, to this point, the CA server has basically been set up complete.
Second, let IIS turn on HTTPS (SSL) function
1. In IIS, in the "Default Web Site" right, select "Properties", you can see the site properties, click on the "Directory Security" tab, click on the "Server Certificate" button.
2. Select "New Certificate" and next
3. Select "Prepare the certificate request now, but send it later", next
4. Unit information, the need to fill out here, as to what to write, you can decide, this information will be displayed in the certificate.
5. Name and security, name default is the name of the IIS Web site, key length defaults to 1024 bits, next
6. Site common name, this default is the server's machine name, please note that if IIS is an object service, you must fill in the corresponding domain name here.
7. Geographical information, please fill out the next step
8. The certificate request file name, by default is saved in the C drive, you will see the following string of encrypted strings.
9. First copy the encryption string of the certificate, go to the page of the certificate request mentioned earlier, select "Request a certificate"
10. How to apply for the certificate, select "Advanced Certificate Request"
11. Select "Use base64 ..."
12. Fill in the certificate string in the text box, and "submit", to complete the application of the certificate. (Don't rush to close ie, click on the "Home" on the right).
13. Go back to the Certification Authority tool, select "Pending Request" on the left, you can see there is an application record, the application ID is the ID you just requested.
Select records, right-all tasks-issue, so that certificates can be issued.
Click on "Issued certificate" to see the certificate you just issued.
14. Go back to the Certificate Request page and select "View status of pending certificate requests"
15. On this page you can see all the certificates you have applied for, multiple links, and click on one of them.
16. Here, if the certificate has been issued, you can see the certificate download page, generally choose Base64 encoding, download certificate.
If you download the certificate chain, you can also download the certificate of the root CA.
17. Go back to IIS, the Directory Security page, or click on "Server Certificate", the interface has changed, select "Process the pending request and install the certificate", the next step
18. Select the certificate you just downloaded, next
19. Fill in SSL used port, the general default is 443, do not need to modify. At this point, the application for the certificate has been completed.
20. If you want to force HTTPS access to the site, on the Directory Security tab, click the Edit button.
21. Check "Require secure channel (SSL)"
22, at this point, we refresh the certificate Request page, we can see 403.4 of the error page, because we are forced to use HTTPS to access the site.
Note: If not the entire site requires the use of HTTPS, you can also be set up for a virtual directory, the same way.
23. After modifying to HTTPS access, a security alert is prompted, where the certificate name does not match the site name because we are using localhost to access it.
Remember the common name mentioned above when applying for a certificate? That's it, we filled in the machine name, so it certainly doesn't match localhost.
This is why if IIS has external, to fill in the Domain name reason, otherwise it will prompt this security alert.
Here you only need to modify the address to: HTTPS://DIER-VM03/CERTSRV, you will not be prompted for security alerts.
24. Extension, not every user is understand technology, when ordinary users see 403.4 error, the requirements do not know how to add a s can access, the swelling?
In fact, in the "Custom Errors" tab, find the location of the page file that 403.4 points to, and then go in and open it. Add a script and you're done.
is actually using JavaScript to determine whether to use HTTP, if it is automatically jump to HTTPS
[JavaScript]View PlainCopy
- <script type="Text/javascript" >
- var url = window.location.href;
- if (url.indexof ("http:") >-1) window.location.href = url.replace ("http:","https:");
- </script>
Well, no nonsense of the text tutorial to complete this, by the way BS CSDN editor, incredibly can not upload more than one file at a time, passed to death-. -
Setting up a Certificate Server and enabling IIS to enable HTTPS services