Several problems encountered when purchasing an SSL certificate to deploy a website and ssl Problems
As a cainiao, I don't know much about SSL certificates. I only know that it is safer to use its website. So I encountered various problems on the way to using SSL certificates this time, so far, all solutions have finally been implemented.
I. Certificate Format
Two days ago, I bought an SSL Certificate for the cloud. It was WoSign. After the certificate was issued, I downloaded two files ,. pem and. key, which is required by IIS. pfx format certificate file, so search for the conversion method.
The search results are basically converted using OpenSSL. However, we find that the information on the Internet is fragmented, and no beginner or unknown can understand the information, therefore, the conversion problem was solved only by the connected mengba guess.
1.1 install OpenSSL
Reference blog: http://blog.csdn.net/zh516846937/article/details/40188065
Follow the instructions in the above blog to install it.
1.2 certificate Conversion
Enabled (the static library enters out32)
1.2.2 change the. pem file suffix to. crt, and copy the. crt file and. key File to out32dll.
1.2.3enter the command pkcs12-export-out in the openssl.exe window to output the Certificate Name. pfx-inkey certificate KEY. key-in certificate. crt. After you press enter, you are required to enter the password, and then confirm that the password is generated successfully.
2. Website deployment
In the IIS import certificate background, the website is bound with https access
After testing, we found that 360 browsers are accessible, but Google browsers are not accessible. Google's browser reports an error and the website cannot provide secure connections.
After finding the technical support of wotong, I learned that there are two problems:
First, the certificate chain is incomplete, which has been solved by their technical staff
Second, there is an SSL Vulnerability. They have a tutorial and the installation tutorial is well resolved.
After these two problems are solved, Google Chrome will be able to access them normally.
The installation and use of a normal SSL certificate is over, but it is not over for my project.
Because the project structure Web end is pure html and the api is WebApi, two websites are deployed respectively. When purchasing an SSL certificate, you can buy only one domain name, in this way, the api domain name is not protected, so we can only consider combining two projects.
The first attempt is to directly copy the web pages and so on to the api project. After setting the homepage and so on, it is found that Google and other browsers have no problem in accessing the page. The IE browser will directly download html files, after a long time of hard work, I had to create all the pages according to the MVC rules and copy the corresponding content. This was a huge change.
At this time, after the debugging is completed, the release is finally normal for IE.
However, when you sort out the code, the WebApiConfig will suddenly report an error: the URL cannot start with "/" or "~". For the beginning and end ......, I thought it was wrong. After looking for some information on the Internet, I found that there was almost no problem. I suddenly thought of creating a webapi project and copying the main file to the test. I found there was no problem, so I guess the project file may be accidentally damaged (but there is no such memory)
It was a mess of problems, but it took a lot of effort.