1 creating a self- signed SSL Certificate
Create a self-signed SSL Tool Xca is:https://sourceforge.net/projects/xca/
Create a process
1) Create root certificate
To open the software, the interface is as follows.
Click , see the drop-down menu, select , create a new database.
Name the file, select the location of the file storage, here I put in the E:\CA under this folder
Click Save, pop Up next page, fill in the password
Click OK to bring up the next page
Click , the next page pops up
The signature algorithm is changed to SHA, other unchanged, click , and then click OKto eject the next page
Click , fill in the information as follows:
Click , the next page pops up
confirm the error, click , the next page is displayed successfully
Click OKto display the next page
Click OKto create a successful display next page
Click OKto successfully generate the root certificate.
2) Create a server-side certificate
On the basis of the success of the above root certificate creation, select the root certificate that was generated.
Click , the next page pops up
Modify the encryption algorithm to SHA, three certificate templates, select
Click , click OKto bring up the next page
The other action is similar to generating the root certificate, and after the build is done, the page looks like this:
3) Create a client certificate
Basically consistent with creating a server-side certificate, the difference is the choice
2 exporting a certificate
Select the certificate, click
Choose folder and export format, export format is various, export according to demand.
3 Installing the certificate in IIS
Note the same certificate does not have to be installed more than once, and to reload, remove the installed certificate first.
Open IIS, click the root directory, double-click
Right-click on the pop-up menu to complete the certificate request, which is the Red box section
pop-Up page, select the generated certificate (the certificate needs to be format Export)
Name and click OK
Thus, the different IIS reacts differently, some servers are successfully imported, and some server errors:
Some imports appear to succeed, but the imported certificate disappears when you refresh the page. In this case, after importing the certificate do not refresh, right-click on the certificate, as follows:
The solutions to both of these errors are:
1 ) The solution to the error is
Install the certificate to the computer's trusted area, then open the Certificate Manager, which will run at the beginning:certmgr.msc
Select the certificate and right-click the operation.
Choose
Follow the prompts, and when you enter the password, this is the password to create the certificate
Enter the correct password and follow the instructions.
However, some computers cannot export even if the certificate is installed properly, for example, exporting the private key is not optional.
The workaround is to check the corresponding option when installing the certificate, as shown in:
2) Double-click the certificate (for . cer format or . P12 format), install as prompted, select Automatic storage mode
This method does not work and is still not available after installation, as follows.
Select , this way specifies that the store also does not work.
to export format, and then double-click Install before you can.
4 Accessing the self-signed Https Web site
It is common to add security exceptions, but some will be incomplete, and the solution is:
For example, in Firefox, click temporarily remove protection. This is because the HTTPS request returns a page that contains http requests, and this mixed type is considered unsafe by the browser.
The ASP. NET Web API uses a self-signed SSL certificate