IIS 6怎样配置SSL 安全访问
2009-12-09 10:20
281 查看
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
You can configure Secure Sockets Layer (SSL) security features on a Web server or a Web site to verify the integrity of your content, verify the identity of users, and encrypt network transmissions.
In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
Right-click the Web site or file that you want to protect with SSL, and then click Properties.
Under Web site identification click Advanced.
In the Advanced Web site identification box, under Multiple identities for this Web site, verify that the Web site IP address is assigned to port 443, the default port for secure communications, and then click OK. Optionally, to configure more SSL ports for this Web site, click Add under Multiple identities of this Web site, and then click OK.
On the Directory Security or File Security tab, under Secure communications, click Edit.
In the Secure Communications box, select the Require secure channel (SSL) check box.
To enable SSL client certificate authentication and mapping features, select the Enable client certificate mapping check box, click Edit, add the 1-to-1 or many-to-1 mappings you need, and then click OK three times.
For information about client certificate mapping, see Mapping Client Certificates to User Accounts in IIS 6.0.
Enabling Client Certificates in IIS 6.0
Updated: August 22, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
You can require users attempting to access your Web site to log on with a client certificate. Requiring a client certificate is just one aspect of protecting your server against unauthorized access. Any user with a valid and trusted client certificate can establish a secure connection and access your resource. To protect your Web content from unauthorized access you must do one of the following:
Use Basic, Digest, or Integrated Windows authentication, in addition to requiring a client certificate.
Create a Windows account mapping for client certificates. For more information, see Mapping Client Certificates to User Accounts in IIS 6.0.
In IIS Manager, double-click the local computer, and then right-click the Web site, directory, or file that you want and click Properties.
If you have not previously obtained a server certificate, click the Directory Security tab, and then under Secure Communications, click Server Certificate. For more information, see Obtaining Server Certificates.
If you have previously obtained a server certificate, click the Directory Security or File Security tab, and then under Secure Communications, click Edit.
In the Secure Communications box, select the Require secure channel (SSL) check box. Requiring a secure channel means that users cannot connect to this site without using a secure link (that is, the link's URL must begin with https://).
Under Client certificates select one of the following to enable client Certificate authentication:
Accept client certificates Users can access the resource with a client certificate, but the certificate is not required.
Require client certificates The server will request a client certificate before connecting the user to the resource. Users without a valid client certificate will be denied access.
Ignore client certificates Users with or without a client certificate will be granted access.
You can configure Secure Sockets Layer (SSL) security features on a Web server or a Web site to verify the integrity of your content, verify the identity of users, and encrypt network transmissions.
Important |
---|
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc". |
Procedures
To configure SSL on a Web server or a Web siteIn IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
Right-click the Web site or file that you want to protect with SSL, and then click Properties.
Under Web site identification click Advanced.
In the Advanced Web site identification box, under Multiple identities for this Web site, verify that the Web site IP address is assigned to port 443, the default port for secure communications, and then click OK. Optionally, to configure more SSL ports for this Web site, click Add under Multiple identities of this Web site, and then click OK.
On the Directory Security or File Security tab, under Secure communications, click Edit.
In the Secure Communications box, select the Require secure channel (SSL) check box.
To enable SSL client certificate authentication and mapping features, select the Enable client certificate mapping check box, click Edit, add the 1-to-1 or many-to-1 mappings you need, and then click OK three times.
Note |
---|
If you set your Web site to require SSL, as in step 6 above, and you have not completed setting up SSL for the site, then users browsing your site will receive this error: "HTTP Error 403.4 - Forbidden: SSL is required to view this resource." To avoid this condition, either complete all the steps in the list above, or go back and clear the Require Secure Channel (SSL) check box (see step 6). |
Related Information
For information about enabling client certificates, see Enabling Client Certificates in IIS 6.0.For information about client certificate mapping, see Mapping Client Certificates to User Accounts in IIS 6.0.
Enabling Client Certificates in IIS 6.0
Updated: August 22, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
You can require users attempting to access your Web site to log on with a client certificate. Requiring a client certificate is just one aspect of protecting your server against unauthorized access. Any user with a valid and trusted client certificate can establish a secure connection and access your resource. To protect your Web content from unauthorized access you must do one of the following:
Use Basic, Digest, or Integrated Windows authentication, in addition to requiring a client certificate.
Create a Windows account mapping for client certificates. For more information, see Mapping Client Certificates to User Accounts in IIS 6.0.
Important |
---|
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures, or you must have been delegated the appropriate authority. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc". For information about delegating administrative authority, see "Delegating administration" in Help and Support Center for Windows Server 2003. |
Procedures
To enable client certificatesIn IIS Manager, double-click the local computer, and then right-click the Web site, directory, or file that you want and click Properties.
If you have not previously obtained a server certificate, click the Directory Security tab, and then under Secure Communications, click Server Certificate. For more information, see Obtaining Server Certificates.
If you have previously obtained a server certificate, click the Directory Security or File Security tab, and then under Secure Communications, click Edit.
In the Secure Communications box, select the Require secure channel (SSL) check box. Requiring a secure channel means that users cannot connect to this site without using a secure link (that is, the link's URL must begin with https://).
Under Client certificates select one of the following to enable client Certificate authentication:
Accept client certificates Users can access the resource with a client certificate, but the certificate is not required.
Require client certificates The server will request a client certificate before connecting the user to the resource. Users without a valid client certificate will be denied access.
Ignore client certificates Users with or without a client certificate will be granted access.
相关文章推荐
- 使用ssl加密的IIS客户端证书访问配置
- 建立安全的通信渠道 为IIS服务器配置SSL
- 在IIS上如何发布HTTPS网站,SSL安全服务配置
- asp.net在IIS环境中访问第三方需数字证书接口时 报 “请求被中止: 未能创建 SSL/TLS 安全通道”
- Web GIS访问ArcGIS安全认证服务代理配置解决方案-IIS版本
- 按部就班——图解配置IIS5的SSL安全访问
- 按部就班——图解配置IIS5的SSL安全访问(转)
- [转]图解配置IIS5的SSL安全访问
- 按部就班——图解配置IIS5的SSL安全访问
- 配置web SSL 安全证书Https访问
- 为IIS服务器配置SSL安全信道
- 用证书实现windows 2003下IIS的SSL安全通信
- 要访问本地IIS 网站,必须安装下列IIS组建: IIS6元数据库与IIS6配置兼容性ASP.NET
- IIS安全配置精华
- Hyper V虚拟机断电,IIS站点无法访问,SharePoint 配置数据库无法访问,
- 在IIS中使用SSL配置HTTPS网站
- IIS服务器安全配置[摘]
- (转)Windows Server2003 防木马权限设置IIS服务器安全配置整理
- Web 应用程序项目 XXXX 已配置为使用 IIS。 无法访问 IIS 元数据库。您没有足够的特权访问计算机上的 IIS 网站。