Using HTTPS to build a secure website

Last time we talked about the principles of HTTP data transmission. To improve the security of HTTP data transmission, Netscape developed the SSL protocol to ensure secure data transmission over the network. In addition, we have explained how to use the SSL protocol to implement the encrypted HTTP protocol transmission protocol-HTTPS, so that we can continue to complete the subsequent work.

Access the Web Server
1. Install (import) certificates for Web Sites

After the certificate is issued, You need to return to the "Default Web site properties" dialog box to further process the pending request and install the certificate. The steps are as follows:

Step 2 open the "Internet Information Service" window, right-click the "Default Web site" directory in the left pane, and run the "properties" command to open the "Default Web site properties" dialog box.

In step 2, click the "Directory Security" tab, click the "server certificate" button on the "Directory Security" tab, enter the Web server certificate wizard, and click the "Next" button.

Step 2 open the "pending certificate requests" Wizard page, click "process pending requests and install Certificates", and click "Next.

In step 2, Click Browse in the "pending certificate requests" Wizard to find the Certificate file you have exported in advance, click "next> complete" to install the certificate.

In step 2, on the "Directory Security" tab, click the "edit" button in the "Secure Communication" area to open the "Secure Communication" dialog box. Select the "apply for SSL" check box and click "OK.

In step 2, return to the "Default Web site properties" dialog box and switch to the "Web site" tab. In the "SSL port" edit box in the "Web site ID" area, type A port number (such as "443") or do not specify it. Click OK to close the property page to complete the configuration.

2. access the Web Server

Now you have applied for and installed a certificate for the Web site. It has become a secure Web site that uses HTTPS encryption to transmit information. When a user accesses a Web site, the Web site will automatically pass the server certificate to the user to prove to the user that he is a legitimate server rather than a impersonating server. In this example, the IP address of the Web site is "10.115.236.200". To access the site through a client browser, enter the Web site address "https: // 10.115.236.200: 443, the "security alarm" dialog box appears, prompting the user to "view the web page through secure connection ". Click OK to access the website.

TIPS: if there is a security alarm about certificate problems, click "yes" to continue accessing the site, and the user's information will not be viewed or changed by others. In fact, only when the "customer certificate required" check box is checked in the "Directory Security" tab on the Web site property page, A Web site with a certificate installed will become a site that can be accessed only when the customer provides a certificate.

However, this is not the case for general Web sites, because it is relatively cumbersome to issue certificates to IE browsers on each client, unless there is a very high security need (such as the contracted customers of online banking ).

HTTPS-based Web UI
The Web UI integrated in Windows Server 2003 is also a vivid example of applying HTTPS. The HTTPS-based Web UI can help administrators remotely manage common server services (such as FTP and Web Services) and common functions (such as managing users and groups), with high security. The following describes how to implement HTTPS-based Web UI.

1. Install Web UI

By default, the Web UI is not installed on Windows Server 2003. The method for manual installation is as follows:

Step 2 open the "add or delete programs" dialog box in "Control Panel", and then click "Add/delete Windows Components" on the left side of the dialog box.

Step 2 open the "Windows component wizard" dialog box, and double-click "Application Server> Internet Information Service (IIS)> World Wide Web service ". In the open "World Wide Web Service" dialog box, select the "Remote Management (HTML)" check box and click "OK> next> complete" to complete the installation.

In step 2, click Start> Administrative Tools> Internet Information Service (IIS) manager) in the "manager", expand "Server Name (Local Computer)"> "website" directory.

In step 2, find and right-click the "Administration" option and run the "properties" command in the shortcut menu to open the "Administration properties" dialog box, on the "website" tab, click the drop-down triangle to the right of "ip address" and click Select Local IP address. Keep the default settings for other options, and click OK to make the settings take effect. Close the manager window.

2. log on to the Web UI Management Interface

As long as the client is running Windows 9x or later, you can log on to the Web UI Management Interface in IE. In the address bar of IE browser, enter "https: // 10.115.223.1: 8098" and press Enter. Then, enter the user name and password of the system administrator, and click "OK" to log on to the Web remote management interface. "8098" indicates the SSL port used by the Service.

Tip: When you enter "https: //..." in the address bar of your browser ://... "instead of" http ://... ", the browser creates an SSL connection, rather than simply a TCP connection to the Web server. When a user uses "http ://......" When you access an HTTPS-based website through an address, the system will prompt "this webpage must be viewed through a security channel. You must use HTTPS in the address to view the webpage ", thus, access from unauthorized users is denied.

Remote Management of Web UI
After successfully logging on to the Web remote management interface, the administrator can perform various settings on the server.

1. Change the Administrator Password

After logging on to the Web UI Remote Management Interface, click "set administrator password" on the "welcome to use" interface. On the "Administrator Account" Page, type the current password and new password, and click "OK" in the lower right corner to make the settings take effect.

2. Manage Web Servers

Take modifying the website home directory as an example. Click the "Web server" option and then click the "Web Master Settings" button. On the "Web Master Settings" page, you can change the path of the home directory of the website.

3. Connect to the Remote Desktop

Remote Desktop is a very useful feature in Windows Server 2003. You can remotely connect to the desktop of the Server through the Web remote management interface. However, the premise is that the server allows users to remotely connect. Click the maintenance option, and then click the Remote Desktop button. In the open login window, enter the user name and password to log on to the desktop of the server. If you are a system administrator, you can have all the permissions to manage the server.

TIPS: this function is meaningful for Windows 9x. Because Windows XP has a client tool to connect to the Remote Desktop, this function is of little significance for Windows XP.

4. Manage users and groups

Manage users and groups on the server through Web remote management. Take adding a user as an example. Click "user" and then click "Local User. On the "local user on the server" page, click "new" on the right, on the "Create new user" Page, enter the user information and password, and click "OK" to add the user. If you want to delete a user, select the user you want to delete on the "local user on the server" Page and click the "delete" button on the right. Group Management is similar to user management.

Through a brief description of HTTPS and two instances, we can see that HTTPS is widely used in websites with high security requirements and is an effective way to ensure information security.