[English] Setting up an HTTPS server on Windows Server

Introduction

Setting up an HTTPS server on Windows Server 2008

Setting up a dynamic website environment

  • Setting up a CA service requires creating a dynamic website

  • Right-click on Computer -> Manage

  • Click on Add Roles

  • Click on Next

  • Check Web Server (IIS) -> Next

  • Click on Next

  • Check Application Development -> Next

  • Click on Install

  • Wait for the installation to complete -> Close

Creating a static website

  • Click on Start -> Administrative Tools -> Internet Information Services (IIS) Manager

  • Right-click on Sites -> Add Website

  • Enter the website name -> enter the website project path -> select http as the type -> enter the hostname -> OK

Setting up a DNS server

  • Right-click on Computer -> Manage

  • Click on Add Roles

  • Click on Next

  • Check DNS Server -> Next

  • Click on Next

  • Click on Install

  • Wait for the installation to complete -> Close

Configuring the DNS server

  • Click on Start -> Administrative Tools -> DNS

  • Right-click on Forward Lookup Zones -> New Zone

  • Click on Next

  • Click on Next

  • Enter the Zone name -> Next

  • Click on Next

  • Click on Next

  • Click on Finish

Creating a hostname

  • Right-click on the empty area -> New Host

  • Enter the Name -> enter the IP address -> Add Host

  • Click on OK

  • Click on Finish

Setting up a CA server

  • Right-click on Computer -> Manage

  • Click on Add Roles

  • Click on Next

  • Check Active Directory Certificate Services -> Next

  • Click on Next

  • Check Certification Authority Web Enrollment

  • Click on Add Required Role Services

  • Click on Next

  • Check Standalone -> Next

  • Check Root CA -> Next

  • Check Create a new private key -> Next

  • Configure the encryption method and key length -> Next

  • Configure the CA name -> Next

  • Configure the validity period for issuing certificates by the CA -> Next

  • Configure the certificate database location and log storage location -> Next

  • Click on Next

  • Click on Next

  • Click on Install

  • Wait for the installation to complete -> Close

Applying for a certificate from the IIS server

  • Click on Start -> Administrative Tools -> Internet Information Services (IIS) Manager

  • Select the server -> double-click on Server Certificates

Creating a certificate request

  • Click on Create Certificate Request

  • Fill in the basic information -> Next

  • Create a key pair, configure the encryption method and key length -> Next

  • Configure the local storage location for the certificate request -> Finish

Submitting the request to the CA

  • Access the CA website using a browser (default is http://IP address/certsrv) -> Add

  • Click on Add -> Close

  • Click on Request a certificate

  • Click on advanced certificate request

Note: the Web Browser Certificate option is the one client browsers request for two-way authentication.

  • Submit a certificate request by using a base64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base64-encoded PKCS#7 file

  • Copy the content of the certificate request file to the Saved Request area

  • Click on Submit

  • Certificate request is complete

Issuing the certificate from the CA server

  • Click on Start -> Administrative Tools -> Certification Authority

  • Select Pending Requests -> Right-click on the request -> All Tasks -> Issue

Saving the certificate on the IIS server

  • Access the CA server again using a browser -> View the status of a pending certificate request

  • Save the certificate request

  • Download the certificate
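
The request, issue and download steps above can also be run from the command line with the built-in certreq and certutil tools. The script below is an added example, not part of the original page. The host name, CA config string and work folder are placeholders, and RSA 2048 with the SChannel provider is an assumed choice for the "encryption method and key length" step.

```powershell
# Added example. Placeholders (assumptions): host name, CA config string, work folder.
$hostName = 'www.example.test'            # DNS host name created for the site
$caConfig = 'CA-SERVER\Example-Root-CA'   # "<CA computer name>\<CA name>"
$work     = 'C:\certwork'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# 1. Request definition: what the "Create Certificate Request" wizard collects.
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$hostName"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@ | Set-Content -Path "$work\request.inf" -Encoding ASCII

# 2. Generate the key pair in the machine store and write the PKCS#10 request.
certreq -new "$work\request.inf" "$work\request.req"
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

# 3. Review subject and key length before anything is sent to the CA.
certutil -dump "$work\request.req" | Select-String 'CN=|Public Key Length'

# 4. Submit. A standalone CA holds the request as pending and prints "RequestId: N".
$out = certreq -submit -config $caConfig "$work\request.req" "$work\site.cer" | Out-String
if ($out -match 'RequestId:\s*(\d+)') { $id = $Matches[1] }
else { throw "No RequestId returned: $out" }

# 5. On the CA server an administrator issues it (same as All Tasks -> Issue):
#        certutil -resubmit <RequestId>
Read-Host "Issue request $id on the CA, then press Enter" | Out-Null

# 6. Download the issued certificate and pair it with the private key from step 2.
#    -accept needs the CA's root certificate in this machine's Trusted Root store.
certreq -retrieve -config $caConfig $id "$work\site.cer"
if ($LASTEXITCODE -ne 0) { throw 'certificate not issued yet' }
certreq -accept "$work\site.cer"
```

With `Exportable = FALSE` the private key stays in the machine key store of the server that generated the request, so `certreq -accept` has to be run on that same server.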

Configuring the certificate on the IIS server

  • Click on Start -> Administrative Tools -> Internet Information Services (IIS) Manager