Shulou(Shulou.com)06/01 Report--

This article focuses on "how to create a SSL encrypted HTTPS site", interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "how to build a SSL encrypted HTTPS site".

1. Prerequisites:

If you want to successfully set up a SSL security site, you must have the following conditions.

1. You need to obtain the server certificate from the trusted certificate authority CA.

2. The server certificate must be installed on the WEB server.

3. SSL must be enabled on the WEB server.

4. The client (browser) must trust the same certificate authentication authority as the WEB server, that is, the CA certificate needs to be installed.

2. Preparatory work:

We need to do some preparatory work before implementing the SSL security site.

Step 1: the IIS6 component is installed in windows2003 by default. If you don't have it, please install it yourself.

Step 2: the IIS site we set up uses the HTTP protocol by default. Open the browser and type "http:// native IP" (without quotation marks) at the address to access it. (figure 1)

Figure 1

Step 3: install Certificate Services and select add / remove windows components through the add / remove programs in the control panel. Find Certificate Services in the windows component wizard, tick before and click next. (figure 2)

Figure 2

Tip: certificate Services has two suboptions, Certificate Services Web enrollment support and Certificate Services Authority (CA). Both features need to be installed for convenience.

Step 4: the system will pop up the prompt that "the computer name and area membership will change after installing the certificate service, whether to continue or not", we can choose "Yes". (figure 3)

Figure 3

Step 5: select the stand-alone root CA in the CA type settings window of the windows component wizard. (figure 4)

Figure 4

Step 6: enter the CA common name of the CA identification information into the IP address of the local computer, such as 10.91.30.45, and keep the default information for other settings. (figure 5)

Figure 5

Step 7: enter the path to save the certificate database and other information, and still select the certlog under the system32 of the default location of the system directory. (figure 6)

Figure 6

Step 8: the prompt "to complete the installation, Certificate Services must stop the IIS service temporarily" appears after the next step. Select Yes and continue. (figure 7)

Figure 7

Step 9: start copying component files to your local hard drive. (figure 8)

Figure 8

Step 10: there will be a prompt for missing files during the installation process, and we need to insert the windows2003 system CD into the CD drive to continue. (figure 9)

Figure 9

Step 11: continue to copy files to complete the installation of the windows component. (figure 10)

Figure 10

3. Configure the certificate:

Next, we will show you how to configure the certificate files we need through the IIS Certificate Wizard.

Step 1: start the IIS editor through the IIS Manager in Administrative tools.

Step 2: right-click on the default website and select Properties. (figure 11)

Figure 11

Step 3: click the Directory Security tab in the default site properties window, and then click the Server Certificate button at the secure communication. (figure 12)

Figure 12

Step 4: the system automatically opens the WEB Server Certificate Wizard. (figure 13)

Figure 13

Step 5: select "New Certificate" in the server certificate office, and then continue in the next step. (figure 14)

Figure 14

Step 6: select "prepare the certificate request now, but send it later" at the delay or immediate request. (figure 15)

Figure 15

Step 7: set the name and specific bit length of the certificate, keep the name as the default website, and select 512 from the drop-down menu. (figure 16)

Figure 16

Tip: bit length is mainly used for security encryption, the longer the bit length, the more secure it will be, but the transmission efficiency will be affected to a certain extent, and the performance of the website will also be affected. Generally speaking, choosing 512 is enough.

Step 8: enter unit information, including units and departments. (figure 17)

Figure 17

Step 9: enter localhost in the site common name window. (figure 18)

Figure 18

Step 10: fill in the geographic information casually. (figure 19)

Figure 19

Step 11: set the file name of the certificate request, which we can save to the desktop so that the following steps are easy to call. The saved file name is certreq.txt. (figure 20)

Figure 20

Step 12: complete the configuration of the IIS Certificate Wizard and save the corresponding certificate file to the desktop as required. (figure 21)

Figure 21

4. Apply for a certificate:

After configuring the certificate file required by IIS, you should apply for the certificate according to the contents of the certificate.

Step 1: open an IE browser and type http://10.91.30.45/certsrv/ in the address bar to open the Certificate Services interface. (server IP address is 10.91.30.45) (figure 22)

Figure 22

Step 2: click "apply for a certificate" and continue.

Step 3: select "Advanced Certificate request" in the application certificate interface. (figure 23)

Figure 23

Step 4: select "submit a certificate request using base64-encoded CMC or PKCS # 10 file, or subscribe a certificate request" in the advanced certificate application interface. (figure 24)

Figure 24

Step 5: open the certreq.txt file saved above on the desktop with notepad and copy all the contents inside. (figure 25)

Figure 25

Step 6: paste all the copied contents into the "submit a certificate application or renewal request" interface, and then click the "submit" button. (figure 26)

Figure 26

Step 7: a certificate suspension prompt appears after a successful application, indicating that the certificate application has been received, waiting for the administrator to pass the application for authentication. (figure 27)

Figure 27

At this point, we have completed the application for the certificate, and the following is to pass the certificate certification we have just applied for.

5. Verify the certificate:

After the certificate request, the administrator of the server also needs to manually issue the certificate for it to take effect.

Step 1: we select start-> programs-> Administrative tools-> Certification Authority on the taskbar. (figure 28)

Figure 28

Step 2: find the "pending application" in the left option. (figure 29)

Figure 29

Step 3: look at the list on the right. The certificate application you just submitted is conspicuous. Right-click on the certificate to be applied for. There is "all tasks" in the pop-up menu, and then select the sub-item "issue". At this point, the "pending request" will be transferred to the "issued certificate".

Step 4: find the certificate under "issued Certificate" and double-click to open it. And select copy to File in the details tab of the Certificate Properties window. (figure 30)

Figure 30

Step 5: in the Certificate Export Wizard, choose any CER format to export, such as "DER Encoding binary" and save it as a file.

Through the above five steps, our IIS certificate has passed the audit of the system administrator, and the following can be used to establish a SSL encryption site through the audited certificate.

Configure the SSL security encryption function of IIS

Once again, we go to the IIS settings window to enable SSL security encryption.

Step 1: click the Directory Security tab in the default site properties window, and then click the Server Certificate button at the secure communication.

Step 2: select the process pending requests and install certificates option in the pending certificate request window. (figure 31)

Figure 31

Step 3: use the browse button to find the DER-encoded file you just saved through the Certificate Export wizard in step 5 of verifying the certificate. (figure 32)

Figure 32

Step 4: at this point, we can set the SSL parameter and check "require secure channel SSL" in the secure communication properties, thus enabling the SSL encryption feature of the IIS site. (figure 33)

Figure 33

Step 5: go to the site tag in the default site properties again, and you can see that the SSL port has been configured with port information-443. (figure 34)

Figure 34

At this point, we have completed the configuration of the SSL encrypted site, and the information browsed by the client when visiting the server's IIS website is encrypted and is very secure.

7. Browse the SSL encrypted site:

After setting up the SSL encrypted site on the server, we will pop up a "Security Alert" window when we access the site through a browser on the client. (figure 35) only by trusting the certificate can you browse the website information normally. (figure 36)

Figure 36

Tip: the address you enter when visiting a site encrypted through SSL should start with https://, for example, https://10.91.30.45 should be used in this article. If you still use http://10.91.30.45, there will be a prompt that "this page must be viewed through a secure channel, and the page you want to view requires the use of" https "in the address. Disable access: require SSL.

Summary: the steps described in this article are based on windows2003+iis6. For windows2000 Server or Windows 2000 Advance Server, the SSL encryption function can also be established on the basis of IIS5, and the setup steps are basically similar. If you are using the Windows 2000 Professional version, you do not need to read this article, because this version does not support SSL access to IIS.

At this point, I believe you have a deeper understanding of "how to create a SSL encrypted HTTPS site". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.