有關HTTPS、SSL以及SSL證書的工作原理,參見
本文將演示如何在IIS中配置一個HTTPS的ASP.NET Web Application。
(1)打開Internet Information Services (IIS) Manager
(2)創建一個Self-Signed Certificate
A self-signed certificate is an identity certificate that is signed by its own creator. Certificates are signed by Certificate Authority. In general self signed certificates are fine for testing purpose but not for production.
創建self-signed certificate有兩種方式:
- 使用IIS
- 使用Visual Studio的工具MakeCert.exe
本文只演示如何用IIS創建self-signed certificate。
打開IIS Manager后,雙擊Server Certificates。
(3)在IIS中添加一個Website
Binding下Type選擇https,默認端口為443(http默認端口為80),SSL Certificate選擇上面我們創建的self-signed certificate。
(4)也可以用添加Site Binding的方式實現
點擊Add
(5)打開瀏覽器
點擊地址欄旁邊的小鎖頭,查看一下證書
(6)打開證書管理工具,查看Trusted Root Certification Authorities
可以看到在IIS中創建self-signed certificate的時候,服務器已經將它添加到Trusted Root CA中了。在客戶端,你需要手動安裝根證書。
(7)證書頒發機構
如果想使用瀏覽器信任的證書,需要使用證書頒發機構 (CA)頒發給你的證書,比如Verisign,Thawte等。Self-signed Certificate可以用於開發測試環境,不應用於生產環境。
原文鏈接:http://www.cnblogs.com/jfzhu/p/4064654.html