安装过两次SSL证书,现在来总结一下,以后可能会用到。
有很多提供SSL证书的公司,我们这里就用https://www.sslforfree.com/ 提供的证书进行说明。安装SSL证书的步骤如下:
1. 验证域名,获取证书。
2. 对获取的证书进行加工,生成pfx格式的证书(这里我的web服务器是IIS6.0)
3. 在web服务器上保存生成的pfx证书。
4.在IIS6.0中加载pfx证书。到此一切工作结束,就可以用https访问web页面了。
下面开始进行操作细节描述:(因为网站是英文的,所以接下来我就用英文描述了)
1. 验证域名,获取证书。
step1: visit the web site of sslforfree and enter yourdomain.com and click the button of which name is "create free ssl certificate"
step2: verify the domain. we choose the manual verification. Click the manually verify domain button, then download the two files
to your local cmputer.
step3: like bellow
1. Create a virtual folder in your domain named ".well-known" if it does not already exist. If you use Windows you may have to add a dot at the end of the folder name in order to create a folder with a dot at the beginning.
2. Create another folder in your domain under ".well-known" named "acme-challenge" if it does not already exist
3. Upload the downloaded two files to the "acme-challenge" folder
step4: add a mime type to your IIS6.0 web server, That mime is (.=>text/plain).
step5: Verify successful upload by visiting The-Links in your browser. The-Links is in step2's web page. If you can see a string of random alphanumeric characters. It shows you have successed.
step6: click the button of download ssl certificate to download the files.
2. 加工证书,生成pfx格式的证书
step1: install openssl on your local computer(notice: it is on local computer, not web server's computer).
step2: run cmd and navigate to the folder of which has the downloaded certificate files in above's step6. then running bellow's cmd:
openssl pkcs12 –export xxx.pfx –inkey private.key –in certificate.crt ca_bundle.crt
it will tip you input a password, remember it. The password will be used in later steps. It will generate a pfx file. It is the target file you want.
3. 在服务器上保存、配置证书。
step1: run cmd and input "mmc" to open mmc program. then do the following's operration:
click file menu and choose "add/remove snap in" item, then it will open a dialogue, click the add button and choose certificates,then click ok button.
step2: in mmc UI, you will see a node named "certificate" in left panel, click the node, then right click personal sub-node and choose tasks->import, ti import your pfx file.(notice: choose computer configuration during the steps.)
If you not clear how to do this steps, you can search "如何在mmc中导入证书", there are many pages about this.
4.在IIS6.0中加载pfx证书
step1: right click on local web site and choose "directory security" tab, then click "server certificate" button, choose your pfx file and input password which generated in above.
You can search "how to load certifiate to IIS6.0" to get many pages about it.
Here, you have successfully complete the task of installing SSL to your web server.