Create a self-signed SSL certificate
Creating a Self-Signed SSL Certificate
Overview
A self-signed certificate is a certificate that is signed by itself rather than a trusted third party. This means you can't verify that you are connecting to the right server because any attacker can create a self-signed certificate and launch a man-in-the-middle attack. Because of this, you should almost never use a self-signed certificate on a public IIS server that requires anonymous visitors to connect to your site. However, self-signed certificates can be appropriate in certain situations:
Generate a Self-Signed Certificate with the Correct Common Name:
This step is only required if you want to get rid of the warning message displayed because the common name on the self-signed certificate doesn't match the website's hostname. In order to resolve this problem, we'll need to create the self-signed certificate using the same method that is used to create a self-signed certificate in IIS 6.0 (with SelfSSL instead of through IIS).
1. Download the Internet Information Services (IIS) 6.0 Resource Kit Tools at this URL: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en and install SelfSSL 1.0 (if you do a Custom install you can uncheck everything except for SelfSSL). Once it is installed, click on the Start menu, go to IIS Resources, then SelfSSL, and run SelfSSL.
2. Type the following command with the hostname of your IIS site. If you receive the error "Error opening metabase: 0x80040154", just ignore it. We will be manually binding the certificate to the website.
SelfSSL /N:CN=site1.mydomain.com /V:7320 /T /P:443 /S:#
FYI: You need to run this as Administrator.
You can find the web site ID to use for the /S option like this:
· Open the IIS Manager.
· Expand the Sites folder in the Connections panel.
· Select the web site for which you want to add the SSL certificate.
· In the Actions panel on the right, click on "Advanced Settings...".
· In the "Advanced Settings" popup you will find the web site ID in the value for the "ID" property.
· Use it for the /S option in the SelfSSL command.
3. After the command is finished, you will have an IIS self-signed certificate with the correct common name listed in the Server Certificates section of IIS. Now follow the instructions to bind the certificate to your IIS website.
Bind the Self Signed Certificate
- In the Connections column on the left, expand the Sites folder and click on the website that you want to bind the certificate to. Click on Bindings... in the right column.
- Click on the Add... button.
- Change the Type to https and then select the SSL certificate that you just installed. Click OK.
- You will now see the binding for port 443 listed. Click Close.
- Now let's test the IIS self-signed certificate by going to the site with https in our browser (e.g. https://site1.mydomain.com). When you do, you should see the following warning stating that "The security certificate presented by this website was issued for a different website's address" (a name mismatch error).
4. After you have bound the new certificate to your IIS site, visit it with https in your web browser and you will encounter another error: "The security certificate presented by this website was not issued by a trusted certificate authority." (the SSL Certificate Not Trusted error)
Don't worry; this is the last error we will need to fix. This is a normal error for self-signed certificates because the certificate is signed by itself instead of a trusted SSL provider. All visitors to the site will see that error unless they import the self-signed certificate into their Trusted Root Certification Authorities store (or the appropriate SSL certificate store for the browser they are using). You can easily add the IIS self-signed certificate to the store on the server by following the instructions below. If you need to import the certificate on another Windows machine, just follow the instructions on how to Move or copy an SSL certificate from a Windows server.
Add the Self Signed Certificate to Trusted Root Certificate Authorities
- Click on the Start menu and click Run.
- Type in mmc and click OK.
- Click on the File menu and click Add/Remove Snap-in...
- Double-click on Certificates.

- Click on Computer Account and click Next.
- Leave Local Computer selected and click Finish.
- Expand the Certificates item on the left and expand the Personal folder. Click on the Certificates folder and right-click on the self signed certificate that you just created and select Copy.

- Expand the Trusted Root Certification Authorities folder and click the Certificates folder underneath it. Right-click in the white area below the certificates and click Paste.

- Now you can visit your site with https in your web browser and you shouldn't receive any errors because Windows will now automatically trust your IIS self-signed certificate.
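To confirm the result of the three procedures above (generate, bind, trust) on the server itself, the following PowerShell check reports each matching certificate's thumbprint, expiry, and whether it is both trusted as a root and served by an HTTPS binding. It is an added example, not part of the original post; it assumes PowerShell 3.0 or later and that $HostName holds the CN passed to SelfSSL.

```powershell
# Added example: audit the self-signed certificate created with SelfSSL.
# Assumption: $HostName is the value used in /N:CN=... above.
$HostName = 'site1.mydomain.com'
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

# Certificates in the machine Personal store whose CN matches the site.
$candidates = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo($nameType, $false) -eq $HostName })

# Thumbprints currently trusted as root authorities on this machine.
$rootThumbs = Get-ChildItem Cert:\LocalMachine\Root |
    ForEach-Object { $_.Thumbprint }

# Certificate hashes http.sys is serving, one per SSL binding.
$boundText = (netsh http show sslcert) -join "`n"

if ($candidates.Count -eq 0) {
    Write-Warning "No certificate with CN=$HostName in LocalMachine\My"
}
else {
    if ($candidates.Count -gt 1) {
        # Repeated SelfSSL runs leave older certificates behind; make sure
        # the bound and trusted thumbprint is the one you intended.
        Write-Warning "$($candidates.Count) certificates share CN=$HostName"
    }
    foreach ($cert in $candidates) {
        [pscustomobject]@{
            Thumbprint     = $cert.Thumbprint
            SelfSigned     = ($cert.Subject -eq $cert.Issuer)
            HasPrivateKey  = $cert.HasPrivateKey
            NotAfter       = $cert.NotAfter
            DaysLeft       = [int]($cert.NotAfter - (Get-Date)).TotalDays
            InTrustedRoot  = ($rootThumbs -contains $cert.Thumbprint)
            # netsh prints the hash in lowercase; -match ignores case.
            BoundInHttpSys = ($boundText -match $cert.Thumbprint)
        } | Format-List
    }
}
```

Other machines only need the public certificate to trust the site, so the private key can stay on the server. Compare the thumbprint of whatever you import elsewhere with the Thumbprint value reported here before adding it to a root store.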
A few tips and tricks to help when issues and errors are encountered.