有关HTTPS、SSL以及SSL证书的工作原理,参见
《HTTPS那些事(一)HTTPS原理》
《HTTPS那些事(二)SSL证书》
《HTTPS那些事(三)攻击实例与防御》
本文将演示如何在IIS中配置一个HTTPS的ASP.NET Web Application。
A self-signed certificate is an identity certificate that is signed by its own creator. Certificates are signed by Certificate Authority. In general self signed certificates are fine for testing purpose but not for production.
创建self-signed certificate有两种方式:
本文只演示如何用IIS创建self-signed certificate。
打开IIS Manager后,双击Server Certificates。
Binding下Type选择https,默认端口为443(http默认端口为80),SSL Certificate选择上面我们创建的self-signed certificate。
点击Add
点击地址栏旁边的小锁头,查看一下证书
可以看到在IIS中创建self-signed certificate的时候,服务器已经将它添加到Trusted Root CA中了。在客户端,你需要手动安装根证书。
如果想使用浏览器信任的证书,需要使用证书颁发机构 (CA)颁发给你的证书,比如Verisign,Thawte等。Self-signed Certificate可以用于开发测试环境,不应用于生产环境。