Shulou(Shulou.com)06/02 Report--

First, we need to apply for a certificate, and then the certificate must be in the pfx format supported by IIS, otherwise the pem and key formats need to be converted again, which is very troublesome.

2. Enter the IIS console-Server Certificate

3. Import certificate and select Import

4. Then go to the website-- your website-- bind and select:

Type: HTTPS

Hostname: domain name corresponding to the certificate

SSL certificate: the certificate corresponding to the domain name

Fifth, take a look, is there already a HTTPS?

6. IIS 10 enables the HTTP/2 protocol by default, so we don't need to set anything extra.

7, but if we run a score with the default configuration, oh my lady quack, unexpectedly so bad.

Eighth, like Nginx, Apache Httpd, there are places that can be modified, IIS seems to change the place is not so obvious, I guess it may be to modify the registry. But fortunately, we have an artifact-- IIS Crypto.

Download address: https://www.nartac.com/Products/IISCrypto/Download

9. After opening it, click Best Practics to automatically select the best configuration, and then click Apply to take effect, which will require a restart.

Ten (optional), it should be good to run points at this time, if you have not reached A, then there is a more stringent and safe setting template shared by the Great God.

Address: https://github.com/stylersnico/IIS-10-Secure-TLS

Just import in Templates

11. If you want to get a score, HSTS is essential. Enter the website-your domain name-HTTP corresponding header-add

Name: Strict-Transport- Security value: max-age=15768000; includeSubDomains; preload

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.