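I. Preparation
1. Add Windows 2003 components
Add IIS: check "Application Server", then double-click it to open its details and check "IIS" and "ASP.NET".
Add the certificate system: check "Certificate Services".
When adding the components, fill in whatever the wizard asks for, then click Next until it finishes.
2. Extract OpenSSL (the executable build, sometimes called the precompiled build) to d:\; any drive will do.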
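II. Get the IIS certificate request
After setting up the IIS web site, on the [Directory Security] tab click the [Server Certificate] button, then [Next], [Create a new certificate], [Prepare the request now - Next], enter the [Name], enter the [Organization] and [Organizational unit], enter the [Common name], select the [Country] and enter the [State/province] and [City/locality], then [Next], [Next], [Next], [Finish]. The IIS certificate request has now been generated: it is C:\certreq.txt. Remember the information you entered here.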
III. Working with OpenSSL
(In cmd, change to d:\openssl-0.9.7\out32dll and run the operations below there. Note the openssl.cnf file: all of the commands that follow use it.)
1. Generate the self-signed root certificate
openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem -days 3650 -config d:\openssl-0.9.7\apps\openssl.cnf
PEM pass phrase: the root certificate password, which is of course very important!
Country Name: CN // two-letter country code
State or Province Name: guang dong // province name
Locality Name: guang zhou // city name
Organization Name: sunrising // company name
Organizational Unit Name: home // department name
Common Name: besunny // your name (when generating a server certificate you must enter the domain name or IP address)
Email Address: your e-mail address
2. Copy cakey.pem to \demoCA\private and cacert.pem to out32dll\demoCA
copy cakey.pem demoCA\private
copy cacert.pem demoCA
Note: at this point you have three files: cakey.pem, the CA's private key; cacert.pem, the CA's self-signed root certificate; and certreq.txt, the IIS certificate request.
3. Use the CA certificate cacert.pem to issue the certificate server.pem for the IIS request certreq.txt
openssl ca -in certreq.txt -out server.pem -config d:\openssl-0.9.7\apps\openssl.cnf
4. Convert server.pem to X.509 format
openssl x509 -in server.pem -out server.cer
Note: you now have two more files, server.pem and server.cer. Copy server.cer from bin to c:\.
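5. Import the generated certificate server.cer into IIS
Open IIS, right-click [Default Web Site] and choose [Properties]. On the [Directory Security] tab click the [Server Certificate] button, then [Next], select [Process the pending request and install the certificate] and click [Next]. Normally the text box already shows c:\server.cer; if it does not, click the [Browse] button to locate the file, then [Next], [Next], [Finish]. Back on the [Directory Security] tab, click the [Edit] button in the [Secure communications] section, check [Require secure channel (SSL)], check [Require 128-bit encryption], select [Require client certificates], and click the [OK] button.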
6. Generate the client certificate
openssl req -newkey rsa:1024 -keyout clikey.pem -out clireq.pem -days 365 -config d:\openssl-0.9.7\apps\openssl.cnf
Fill in the certificate information yourself; some of the fields must match the root certificate.
7. Sign the client certificate with the CA
openssl ca -in clireq.pem -out client.crt -config d:\openssl-0.9.7\apps\openssl.cnf
8. Convert the client certificate to PKCS#12 (pk12) format
openssl pkcs12 -export -clcerts -in client.crt -inkey clikey.pem -out client.p12 -config d:\openssl-0.9.7\apps\openssl.cnf
9. Install the trusted root certificate
Rename cacert.pem to cacert.cer, double-click cacert.cer to open the certificate information window, click the [Install Certificate] button, then [Next].
Note: the following is the most important part.
Select [Place all certificates in the following store] and click the [Browse] button.
Select [Trusted Root Certification Authorities], check [Physical stores], select [Trusted Root Certification Authorities], click [Local Computer], then click [OK], [Next], [Finish], [Yes]. The root certificate is now installed!
"client.crt" is installed with the same steps as above.
10. Install the client certificate
Copy the client.p12 file to the local computer and double-click it, then [Next], [Next], enter the client certificate password and click [Next], [Next], [Finish], [OK]. The client certificate is now installed as well.
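
Steps 1 to 8 of section III as one non-interactive POSIX shell function, added here as an example (it is not part of the original post). It checks each issued certificate against the CA with openssl verify. Assumptions: a current OpenSSL on PATH, a minimal constructed config file (ca.cnf) in place of the page's openssl.cnf, 2048-bit unencrypted throwaway keys, constructed subject names, and a generated request standing in for IIS's certreq.txt.

```shell
build_and_verify() {
  work=$(mktemp -d) || return 1
  (
    cd "$work" || exit 1
    # "openssl ca" needs a CA directory with an index and a serial file
    mkdir -p demoCA/private demoCA/newcerts
    : > demoCA/index.txt
    echo 01 > demoCA/serial
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
serial = $dir/serial
default_days = 365
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # Step 1: self-signed root, written straight into the CA directory (step 2)
    openssl req -x509 -newkey rsa:2048 -nodes -keyout demoCA/private/cakey.pem \
      -out demoCA/cacert.pem -days 3650 -subj "/CN=Example Test CA" -config ca.cnf || exit 1
    # Steps 3 and 6-7: create a request, sign it with the CA, verify the result
    for n in server client; do
      openssl req -newkey rsa:2048 -nodes -keyout "$n.key" -out "$n.req" \
        -subj "/CN=$n.example.test" -config ca.cnf || exit 1
      openssl ca -batch -config ca.cnf -in "$n.req" -out "$n.pem" || exit 1
      openssl verify -CAfile demoCA/cacert.pem "$n.pem" || exit 1
    done
    # Step 8: bundle the client certificate and key as PKCS#12 (constructed password)
    openssl pkcs12 -export -clcerts -in client.pem -inkey client.key \
      -out client.p12 -passout pass:test
  ) >/dev/null 2>&1   # remove this redirect to see OpenSSL's own output
  rc=$?
  rm -rf "$work"
  return $rc
}
build_and_verify && echo "server and client certificates verify against the CA"
```

A non-zero return means one of the steps failed, most often because a file the ca command expects is missing from demoCA.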