如何在IIS 7中为SSL配置站点? [英] How do I configure a site in IIS 7 for SSL?
问题描述
我们有一台带有IIS 7的Windows 2008服务器,用于测试我们为客户开发的网站。每个网站都有一个子网域的绑定:
- clienta.example.com
- clientb.example .com
- clientc.example.com
(*使用example.com保护无辜的)
对于其中一个网站,我们现在必须测试它是否通过https工作。
因此,我创建了一个具有* .example.com作为公用名的证书请求。我已收到证书(由PositiveSSL SA发出)并完成了请求。
现在,我已经使用以下设置向第二个网站添加了https绑定:
type:https
IP地址:全部未分配
端口:443
主机名:clientb.example.com
SSL证书:* .example.com
通过常规http浏览网站工作正常。当我尝试通过https浏览网站时,我得到以下错误(取决于使用的浏览器):
Chrome b
$ b
此网页不可用
错误102(net :: ERR_CONNECTION_REFUSED):未知错误。
Firefox
无法连接
Firefox无法与clientb.example.com上的服务器建立连接
Firebug说状态:已中止
Internet Explorer
Internet Explorer无法显示网页
我已检查失败的请求跟踪,并根据日志完成请求的状态为200。
我已运行SSL诊断工具,结果如下:
系统时间:2011年3月4日星期五14:04:35 GMT
连接到192.168.2.95:443
已连接
握手:发送115字节
握手:3877接收的字节
握手:发送的字节为
握手:接收的59个字节
握手成功
验证服务器证书,可能需要一段时间...
服务器证书名称: * .example.com
服务器证书主题:OU =域控制验证,OU = PositiveSSL通配符,CN = *。example.com
服务器证书颁发者:C = GB,S =大曼彻斯特, Salford,O = Comodo CA有限公司,CN = PositiveSSL CA
服务器证书有效期:从2-3-2011 1:00:00至2-3-2012 0:59:59
1:00: 00到2-3-2012 0:59:59
HTTPS请求:
GET / HTTP / 1.0
用户代理:SSLDiag
接受:* / *
HTTPS:发送的85字节的加密数据
HTTPS:接收的533字节的加密数据
状态:
HTTP / 1.1 404未找到
HTTP / 1.1 404未找到
Content-Type:text / html; charset = us-ascii
服务器:Microsoft-HTTPAPI / 2.0
日期:Fri,04 Mar 2011 14:04:35 GMT
连接:close
Content-Length:315
<!DOCTYPE HTML PUBLIC - // W3C // DTD HTML 4.01 // ENhttp://www.w3.org/TR/html4/strict.dtd>
< HTML>< HEAD>< TITLE>找不到< / TITLE>
< META HTTP-EQUIV =Content-TypeContent =text / html; charset = us-ascii>< / HEAD&
< BODY>< h2>找不到< / h2>
< hr>< p> HTTP错误404.找不到请求的资源。< / p>
< / BODY>< / HTML>
HTTPS:服务器已断开
最终握手:已成功发送37个字节
问:我可以做什么来使这项工作?
当与主机头结合使用时,最好首先确保防火墙将HTTPS请求转发到网络服务器(TCP / 443)。
Doh。
We have an Windows 2008 server with IIS 7 to test sites we develop for our clients. Each site has a binding on a subdomain:
- clienta.example.com
- clientb.example.com
- clientc.example.com
(* Using example.com to protect the innocent)
For one of these sites we now have to test if it works over https.
So I have created a certificate request with *.example.com as the common name. I have received the certificate (issued by PositiveSSL SA) and completed the request. The certificate is now installed in IIS.
Now I have added an https binding to the second site with the following settings:
type: https IP address: All Unassigned Port: 443 Host name: clientb.example.com SSL certificate: *.example.com
Browsing the site over regular http works fine. When I try to browse the site over https I get the following errors (depending on the browser used):
Chrome
This webpage is not available Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error.
Firefox
Unable to connect Firefox can't establish a connection to the server at clientb.example.com Firebug says Status: Aborted
Internet Explorer
Internet Explorer cannot display the webpage
I have checked Failed Request Tracing, and according to the log the request was completed with status 200.
I have run the SSL Diagnostics Tool with the following result:
System time: Fri, 04 Mar 2011 14:04:35 GMT
Connecting to 192.168.2.95:443
Connected
Handshake: 115 bytes sent
Handshake: 3877 bytes received
Handshake: 326 bytes sent
Handshake: 59 bytes received
Handshake succeeded
Verifying server certificate, it might take a while...
Server certificate name: *.example.com
Server certificate subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.example.com
Server certificate issuer: C=GB, S=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=PositiveSSL CA
Server certificate validity: From 2-3-2011 1:00:00 To 2-3-2012 0:59:59
1:00:00 To 2-3-2012 0:59:59
HTTPS request:
GET / HTTP/1.0
User-Agent: SSLDiag
Accept:*/*
HTTPS: 85 bytes of encrypted data sent
HTTPS: 533 bytes of encrypted data received
Status:
HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 04 Mar 2011 14:04:35 GMT
Connection: close
Content-Length: 315
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>
</BODY></HTML>
HTTPS: server disconnected
Final handshake: 37 bytes sent successfully
Q: What can I do to make this work?
For the IP-binding to work when combined with a host header it's a good idea to first make sure the firewall is forwarding https requests to the webserver (TCP/443).
Doh.
这篇关于如何在IIS 7中为SSL配置站点?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!