I'm trying to create a self-signed wildcard SSL certificate for use on a number of development and test servers running IIS 6. Following various guides has led to a couple ways of generating the certificates, but I haven't had any luck getting it to work. The most successful ways I've had were following this OpenSSL guide and using makecert.exe like so:
我正在尝试创建一个自签名的通配符SSL证书,以便在运行IIS 6的许多开发和测试服务器上使用。以下各种指南导致了几种生成证书的方法,但我没有任何运气获得它工作。我最成功的方法是遵循这个OpenSSL指南并使用makecert.exe,如下所示:
makecert.exe -r -b 01/01/2009 -e 01/01/2042 -sr LocalMachine -ss MY -a sha1 -n CN="*.example.com" -sky exchange -pe -eku 1.3.6.1.5.5.7.3.1 -sy 12 -sp "Microsoft RSA SChannel Cryptographic Provider" wildcard.cer
Both of which generate certificates that IIS 6 will accept, but when I actually try to view the site I get the following error in firefox:
这两个都生成IIS 6将接受的证书,但是当我实际尝试查看该站点时,我在firefox中收到以下错误:
Data Transfer Interrupted
The connection to dev.example.com was interrupted while the page was loading.
加载页面时,与dev.example.com的连接中断。
IE just gives:
IE只给出:
Internet Explorer cannot display the webpage
Most likely causes:
最可能的原因:
- You are not connected to the Internet.
您未连接到Internet。
- The website is encountering problems.
该网站遇到了问题。
- There might be a typing error in the address.
地址中可能存在输入错误。
This error happens whether I try to access it by domain name, machine name, localhost, local ip, or loopback ip.
无论我是否尝试通过域名,计算机名,localhost,本地IP或环回ip访问它,都会发生此错误。
So...how can I create a self-signed wildcard cert that IIS 6 will work with? Or how can I fix the problems I'm experiencing with the ones I've already created?
那么......我如何创建IIS 6可以使用的自签名通配符证书?或者我如何解决我已经创建的问题?
5 个解决方案
#1
You can use the IIS 6 Resource Kit provided by MS, an command line app called SelfSSL. It can generate the SSL key and import it into your IIS installation.
您可以使用MS提供的IIS 6 Resource Kit,这是一个名为SelfSSL的命令行应用程序。它可以生成SSL密钥并将其导入IIS安装。
IIS 6资源工具包
#2
you can do a wildcard certificate with *.domain.local and multiple ssl protocols by using the c:\inetpub\adminscripts adsutil.vbs set w3svc[siteid]\SecureBindings ":443:name.domain.local"
您可以使用c:\ inetpub \ adminscripts adsutil.vbs设置w3svc [siteid] \ SecureBindings“:443:name.domain.local”,使用* .domain.local和多个ssl协议来创建通配符证书
#3
Did you realize that you would need to change from "example.com" to some thing more appropriate to your situation ("localhost" might be one of them during testing).
您是否意识到您需要从“example.com”更改为更符合您情况的事情(“localhost”可能是测试期间的其中之一)。
#4
For IIS 7 - there is a wzard to do this. It takes about 30 seconds to setup.
对于IIS 7 - 有一个wzard这样做。设置大约需要30秒。
For IIS 6 - it's a bit trickier. It takes about 30 minutes to setup.
对于IIS 6 - 它有点棘手。设置大约需要30分钟。
Which one are you using?
你在用哪一个?
I strongly recommend moving to IIS 7 - it is very foreign at first, but they've made a lot of improvements.
我强烈建议迁移到IIS 7 - 它起初非常陌生,但它们已经做了很多改进。
Given that you probably can't upgrade to IIS 7, I had to do the following to implement what you want in IIS 6.
鉴于您可能无法升级到IIS 7,我必须执行以下操作才能在IIS 6中实现您想要的功能。
1) create certificate server 2) generate request 3) grant request 4) install certificate
1)创建证书服务器2)生成请求3)授权请求4)安装证书
It's a bit of a pain to setup the certificate authority server, but it comes with Windows Server and the walkthrough is pretty straight forward.
设置证书颁发机构服务器有点痛苦,但它随Windows Server一起提供,演练非常简单。
#5
We discovered that the Certificate Authority wasn't being trusted because of domain settings and was causing the errors. We ended up deploying a star cert generated by a trusted CA and that cleared up the problems.
我们发现由于域设置而导致证书颁发机构不受信任并导致错误。我们最终部署了由受信任的CA生成的星级证书,并解决了这些问题。
#1
You can use the IIS 6 Resource Kit provided by MS, an command line app called SelfSSL. It can generate the SSL key and import it into your IIS installation.
您可以使用MS提供的IIS 6 Resource Kit,这是一个名为SelfSSL的命令行应用程序。它可以生成SSL密钥并将其导入IIS安装。
IIS 6资源工具包
#2
you can do a wildcard certificate with *.domain.local and multiple ssl protocols by using the c:\inetpub\adminscripts adsutil.vbs set w3svc[siteid]\SecureBindings ":443:name.domain.local"
您可以使用c:\ inetpub \ adminscripts adsutil.vbs设置w3svc [siteid] \ SecureBindings“:443:name.domain.local”,使用* .domain.local和多个ssl协议来创建通配符证书
#3
Did you realize that you would need to change from "example.com" to some thing more appropriate to your situation ("localhost" might be one of them during testing).
您是否意识到您需要从“example.com”更改为更符合您情况的事情(“localhost”可能是测试期间的其中之一)。
#4
For IIS 7 - there is a wzard to do this. It takes about 30 seconds to setup.
对于IIS 7 - 有一个wzard这样做。设置大约需要30秒。
For IIS 6 - it's a bit trickier. It takes about 30 minutes to setup.
对于IIS 6 - 它有点棘手。设置大约需要30分钟。
Which one are you using?
你在用哪一个?
I strongly recommend moving to IIS 7 - it is very foreign at first, but they've made a lot of improvements.
我强烈建议迁移到IIS 7 - 它起初非常陌生,但它们已经做了很多改进。
Given that you probably can't upgrade to IIS 7, I had to do the following to implement what you want in IIS 6.
鉴于您可能无法升级到IIS 7,我必须执行以下操作才能在IIS 6中实现您想要的功能。
1) create certificate server 2) generate request 3) grant request 4) install certificate
1)创建证书服务器2)生成请求3)授权请求4)安装证书
It's a bit of a pain to setup the certificate authority server, but it comes with Windows Server and the walkthrough is pretty straight forward.
设置证书颁发机构服务器有点痛苦,但它随Windows Server一起提供,演练非常简单。
#5
We discovered that the Certificate Authority wasn't being trusted because of domain settings and was causing the errors. We ended up deploying a star cert generated by a trusted CA and that cleared up the problems.
我们发现由于域设置而导致证书颁发机构不受信任并导致错误。我们最终部署了由受信任的CA生成的星级证书,并解决了这些问题。