Enable https service method sharing on IIS6

1 SSL function was set on IIS of dev machine two days ago because an Windows Live Contacts Gadget failed to work under the https connection.

You all know that the key to launching SSL is two things:

1. A Certificate Authority (such VeriSign.com)

2. A site certificate

If you are using Windows Server 2003 or XP Advanced Server, you can actually use the "Certificate Services" service provided by the system to "impersonate" 1 CA and send yourself 1 site certificate, here is 1 tutorial:

Building your own certificate authority: http://searchwindowssecurity.techtarget.com/tip/1 ,289483,sid45_gci1110403,00.html

If you are using XP Professional, there are no CA services. But for debugging or testing purposes, you only need to generate 1 ES40en-ES41en certificate. When browser prompts you to accept untrusted certificate, just choose Yes.

There are many ways to generate ES49en-ES50en certificate. OpenSSL (OpenSSL for windows) http: / / www. openssl. org/related/binaries html) or keytool (http: / / java. sun. com/j2se / 1.4.2 / docs tooldocs/solaris/keytool html) to sign1 certificate, then import the certificate in IIS. If you want to get a feel for IIS's Settings, try doing it again. Here's tutorial:

Enabling SSL in IIS on Windows XP Professional: http://www.somacon.com/p41.php

Of course, if you want to avoid all this hassle, the easiest way to start SSL on IIS is in three steps:

1. Download IIS 6.0 Resource Kit Tools: http: / / www microsoft. com/downloads/details aspx & # 63; c73 FamilyID = 56 fc92ee - a71a - 4 - b628 - ade629c89499 & DisplayLang=en
2. Installation.
3. "All Programs - > IIS Resources- > SelfSSL- > SelfSSL ", type "selfssl" on the command line and answer "y", and you are done.

Now try visiting: https://localhost in browser and you will find a window that asks if you want to accept 1 untrusted certificate, choose Yes, and are safe now.

Finally, an official tutorial from Microsoft is attached

Configure SSL for the Web server

To enable SSL in IIS, you must first obtain a certificate for encrypting and decrypting information transmitted over the network. IIS has its own certificate request tool, which you can use to send certificate requests to certificate authorities. This tool simplifies the process of obtaining certificates. If you are using Apache, you must obtain the certificate manually.

In BOTH IIS and Apache, you receive a certificate file from a certificate authority that must be configured on the computer. Apache USES the SSLCACertificateFile directive to read the certificate in its source file. In IIS, you can configure and manage certificates using the directory security TAB of the website or folder properties.

You can migrate certificates from Apache to IIS; However, Microsoft recommends that you recreate or obtain a new IIS certificate.

Configure folders or websites to use SSL/HTTPS

This process assumes that your site already has a certificate. Log on to the Web server computer as an administrator. Click Start, point to Settings, and then click Control Panel. Double-click the admin tool, and then double-click the Internet service Manager. Select a site from a list of different service sites in the left pane. Right-click the website, folder, or file for which you want to configure SSL communication, and then click Properties. Click the directory Security TAB. Click Edit. If you want a website, folder, or file that requires SSL to communicate, click Need Secure Channel (SSL). Click requires 128-bit encryption to configure 128-bit (instead of 40-bit) encryption support. To allow a user to connect without having to provide a certificate, click Ignore the Customer certificate. Or, if you want the user to provide a certificate, use the Accept Customer certificate. To configure the client mapping, click Enable the client certificate mapping, and then click Edit to map the client certificate to the user. If configured, customer certificates can be mapped to each user in Active Directory separately. You can use this feature to automatically identify users based on the certificates they provide when they visit the site. You can map user 1 to 1 to certificates (1 certificate identifies 1 user), or you can map many certificates to 1 user (matching a specific user against a list of certificates based on specific rules. The first valid match becomes the map. Click OK.