创建自签名ssl证书
Developers and IT administrators have, no doubt, the need the deploy some website through HTTPS using an SSL certificate. While this process is pretty straightforward for a production site, for the purposes of development and testing you may find the need to use an SSL certificate here as well.
毫无疑问,开发人员和IT管理员需要使用SSL证书通过HTTPS部署某些网站。 尽管此过程对于生产站点而言非常简单,但是出于开发和测试的目的,您可能会发现也需要在此处使用SSL证书。
As an alternate to purchasing and renewing a yearly certificate, you can leverage your Windows Server’s ability to generate a self signed certificate which is convenient, easy and should meet these types of needs perfectly.
作为购买和更新年度证书的替代方法,您可以利用Windows Server的功能来生成自签名证书,该证书既方便,又容易,并且可以完全满足这些类型的需求。
在IIS上创建自签名证书 (Creating a Self Signed Certificate on IIS)
While there are several ways to accomplish the task of creating a self signed certificate, we will use the SelfSSL utility from Microsoft. Unfortunately, this doesn’t ship with IIS but it is freely available as part of the IIS 6.0 Resource Toolkit (link provided at the bottom of this article). Despite the name “IIS 6.0” this utility works just fine in IIS 7.
尽管有多种方法可以完成创建自签名证书的任务,但我们将使用Microsoft的SelfSSL实用程序。 不幸的是,IIS不附带此功能,但它可以作为IIS 6.0资源工具包的一部分免费提供(本文底部提供了链接)。 尽管名称为“ IIS 6.0”,但该实用程序在IIS 7中仍然可以正常工作。
All that is required is to extract the IIS6RT to get the selfssl.exe utility. From here you can copy it to your Windows directory or a network path/USB drive for future use on another machine (so you don’t have to download and extract the full IIS6RT).
所需要做的就是提取IIS6RT以获取selfssl.exe实用程序。 在这里,您可以将其复制到Windows目录或网络路径/ USB驱动器,以备将来在另一台计算机上使用(这样就不必下载并提取完整的IIS6RT)。
Once you have the SelfSSL utility in place, run the following command (as the Administrator) replacing the values in <> as appropriate:
设置好SelfSSL实用程序后,运行以下命令(以管理员身份)(适当时)替换<>中的值:
selfssl /N:CN=<your.domain.com> /V:<number of valid days>
selfssl / N:CN = <您的域名.com> / V:<有效天数>
The example below produces a self signed wildcard certificate against “mydomain.com” and sets it to be valid for 9,999 days. Additionally, by answering yes to the prompt, this certificate is automatically configured to bind to port 443 inside the Default Web Site of IIS.
下面的示例针对“ mydomain.com”生成一个自签名的通配符证书,并将其设置为有效9,999天。 此外,通过对提示回答“是”,此证书将自动配置为绑定到IIS默认网站内的端口443。
While at this point the certificate is ready to use, it is stored only in the personal certificate store on the server. It is a best practice to also have this certificate set in the trusted root as well.
此时可以准备使用证书,但证书仅存储在服务器上的个人证书存储中。 最好的做法是在受信任的根中也设置此证书。
Go to Start > Run (or Windows Key + R) and enter “mmc”. You may receive a UAC prompt, accept it and an empty Management Console will open.
最低0.47元/天 解锁文章
1795
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
