Shulou(Shulou.com)06/01 Report--

This article briefly explains how to build CA services on Windows server 2003 and enable SSL. Don't talk too much nonsense, just start building the environment. If you want to know what the certificate server CA is all about, or if you want to know the principle of SSL, please speak very clearly by yourself, Baidu.

First, set up a certificate server

1. Find "add or remove programs" in the control panel of the system, and click Open.

2. Click "add / remove windows components" on the left, select Network Services and Certificate Services, and click next.

Why choose web services and application services here, because Certificate Services web enrollment support depends on IIS

3. Select the CA type. Here, select the independent root CA, and select "generate secret key pair and CA certificate with custom settings". Next

4. For the setting of the key pair, select the next step by default.

5. Set up CA identification information and give your service a name, which is decided according to your own situation.

6. Set the certificate database and select the default setting.

7. There will be a warning during installation. Click Yes.

8. Once the installation is complete, you can open the management tool-Certificate Authority, which is used to audit certificates and issue certificates.

9. At this time, three related directories will also be added to the IIS to apply for certificates. Administrative tools-IIS Manager

10. Verify whether the CA service is built successfully, and the browser accesses http://localhost/certsrv

2. Enable HTTPS (SSL) function

1. Select the default website in IIS, right-click Properties, click Directory Security, and select the server certificate.

2. Select the method to assign the certificate to the website, and select the new certificate.

3. Select "prepare the certificate request now, but send it later", and next

4. Select default, next step

5. Fill in the unit information and choose according to your own situation.

6. The common name of the site. The default is the machine name of the server. If IIS is an object service, the corresponding domain name must be entered here.

7. Geographic information, it doesn't matter, at will, next step

8. Certificate request file name, default

9. Open the certificate request file and copy the string in it

10. The browser opens the certificate application interface and selects "apply for Certificate".

11. Application for Advanced Certificate

12. Select base64 coding application

13. Paste the copied string into the text box and click submit

14. Open the certificate authority, select the certificate that is pending, right-click on all tasks, and click issue.

15. Go back to the home page of the browser certificate application and click "View pending certificate application status".

16. In this interface you can see all the certificates you applied for before. Click the saved certificate

17. Download the certificate in base64-encoded form

18. Go back to the IIS directory security page, click the server certificate, and the page has changed. Select "process pending requests and install certificates".

19. Select the certificate you just downloaded

20. Specify the SSL port. Default is 443.No need to change it.

21. After the installation is completed, or return to the directory security, select edit in the security communication bar, and select "require secure channel".

22 verification.

(1) failed to enter http://localhost/certsrv, to access, indicating that secure socket layer (SSL) is used in the access interface.

(2) enter https://localhost/certsrv and access it successfully.

At this point, setting up the CA server and enabling SSL is over. If you have any questions, please feel free to communicate.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.