Hlanganisa isitifiketi se-SSL kusuka ku-DomainFactory ku-IIS

Esikhathini se- Let Encrypt , amawebhusayithi abethelwe manje asejwayelekile. Kodwa-ke, i-wildcard noma izitifiketi ezinwetshiwe ezinokuqinisekiswa komnikazi othembekile nazo ziyadingeka kaningi. Umhlinzeki DomainFactory unikeza izitifiketi ze-SSL ezingabizi kakhulu ezingasetshenziswa nangaphandle. Ukusetha kwi- IIS yamanje kuphumelela ngaphandle kwe- CSR ngosizo lwe- OpenSSL . Kokulandelayo ngizokhombisa kafushane ukuthi yiziphi izinyathelo ezidingekayo kulokhu.


Okokuqala ukhetha ikheli olifunayo njengegama lesizinda (ngokufaka u- "www" ukuze ngokuhamba kwesikhathi zombili i- https://tld.com ne- https://www.tld.com zibethelwe):

Isitifiketi se-SSL IIS

Ngemuva kokukhetha isitifiketi esifiselekayo nobude besikhathi, i-DomainFactory ingazakhela eyayo i-CSR:

Isitifiketi se-SSL IIS

Inketho yesibili (layisha i-CSR yakho) ayidingekile futhi inzima (ngokuzenzakalela, i-IIS ayinikeli inketho yokwenza izicelo ezibethelwe ze-SHA256 ezidingwa yi-DomainFactory). Ngemuva kwe-oda eliphumelelayo ulanda isitifiketi se-SSL, ukhiye oyimfihlo kanye nenqwaba ye-CA emaphakathi:

Isitifiketi se-SSL IIS

Manje uhlanganisa ukhiye nesitifiketi kufayela le-pfx ngosizo lwe-OpenSSL (ukwabela iphasiwedi evikelekile):

openssl pkcs12 -export -out www.tld.com.pfx -inkey www.tld.com.key -in www.tld.com.crt

Ekugcineni, isitifiketi esimaphakathi silayishwa kuseva yeWindows:

Isitifiketi se-SSL IIS

Lokhu kulandelwa ukungeniswa kwefayela le-pfx elenziwe ku-IIS Manager (endaweni Yezitifiketi Zeseva) ngokufaka iphasiwedi eyabelwe ngaphambilini:

Isitifiketi se-SSL IIS

Ekugcineni, lungisa ukubopha (ukungena okukodwa nokungena okukodwa ngaphandle kwe-www):

Isitifiketi se-SSL IIS

Uma ngabe iseva izotholakala ngaphandle, uvula itheku 443 ku-router / firewall.

Emuva