Win7 win8 Windows Server 2008r2 HTTPS SSL certificate installation (with HTTPS SSL local test environment)

To successfully set up SSL security site key to have the following conditions.

1, need to obtain the server certificate from the trusted certificate mechanism ca.
2, you must install the server certificate on the Web server.
3. The SSL feature must be enabled on the Web server.
4. The client (browser-side) must trust the same certification authority as the Web server, which requires the CA certificate to be installed.

Now, let's do a step-by-step operation against the top four.

1: You need to obtain a server certificate from a trusted certification mechanism CA (since we are doing the test environment locally, not the actual operation.) So here we create a certificate ourselves. If it is the actual operation, the need to obtain a certificate through the domain name quotient, this is to spend money. ）

2: The server certificate must be installed on the Web server.

Open IIS, locate the server certificate,

Click Create Self-signed certificate

Enter the name of the certificate you want to create, I'm named Joeyssl

3. The SSL feature must be enabled on the Web server.

Next, we create a new local test site and bind the certificate we just created.

Open the Hosts file to create a name for the site (for example, Http://webjoeyssl so this webjoeyssl is the name of the site we need to create, I use hosts to resolve to local)

C:\Windows\System32\drivers\etc

Binding directories in IIS, binding HTTP and HTTPS

At the time of addition, binding type, first select the type of HTTP, although there is HTTPS, but the first to ensure that the Web site can be accessed through HTTP, after all, most people are through HTTP to open the site, but in some special need to encrypt the place to use HTTPS, we will next bind HTTPS, here is not urgent, unless your entire site is HTTPS use, then only select HTTPS here.

the above test has been able to ensure that Http://webjoeyssl and Https://webjoeyssl can open the site.

Of course, we can also force the settings must be through SSL to access the site (at this point, only HTTPS to access, and HTTP can not be accessed)

But there will be a problem, you visit the Http://webjoeyssl, the browser will complain

4: The client (browser-side) must trust the same certification authority as the Web server, which requires the CA certificate to be installed.

We open http://webjoeyssl/or https://webjoeyssl/will be prompted unsafe, click to continue browsing. In the actual environment, you get a real certificate, so there will be no similar report security certificate problems,