Esikhathini se- Let Encrypt , amawebhusayithi abethelwe manje asejwayelekile. Kodwa-ke, i-wildcard noma izitifiketi ezinwetshiwe ezinokuqinisekiswa komnikazi othembekile nazo ziyadingeka kaningi. Umhlinzeki DomainFactory unikeza izitifiketi ze-SSL ezingabizi kakhulu ezingasetshenziswa nangaphandle. Ukusetha kwi- IIS yamanje kuphumelela ngaphandle kwe- CSR ngosizo lwe- OpenSSL . Kokulandelayo ngizokhombisa kafushane ukuthi yiziphi izinyathelo ezidingekayo kulokhu.
Okokuqala ukhetha ikheli olifunayo njengegama lesizinda (ngokufaka u- "www" ukuze ngokuhamba kwesikhathi zombili i- https://tld.com ne- https://www.tld.com zibethelwe):
Ngemuva kokukhetha isitifiketi esifiselekayo nobude besikhathi, i-DomainFactory ingazakhela eyayo i-CSR:
Inketho yesibili (layisha i-CSR yakho) ayidingekile futhi inzima (ngokuzenzakalela, i-IIS ayinikeli inketho yokwenza izicelo ezibethelwe ze-SHA256 ezidingwa yi-DomainFactory). Ngemuva kwe-oda eliphumelelayo ulanda isitifiketi se-SSL, ukhiye oyimfihlo kanye nenqwaba ye-CA emaphakathi:
Manje uhlanganisa ukhiye nesitifiketi kufayela le-pfx ngosizo lwe-OpenSSL (ukwabela iphasiwedi evikelekile):
openssl pkcs12 -export -out www.tld.com.pfx -inkey www.tld.com.key -in www.tld.com.crtEkugcineni, isitifiketi esimaphakathi silayishwa kuseva yeWindows:
Lokhu kulandelwa ukungeniswa kwefayela le-pfx elenziwe ku-IIS Manager (endaweni Yezitifiketi Zeseva) ngokufaka iphasiwedi eyabelwe ngaphambilini:
Ekugcineni, lungisa ukubopha (ukungena okukodwa nokungena okukodwa ngaphandle kwe-www):
Uma ngabe iseva izotholakala ngaphandle, uvula itheku 443 ku-router / firewall.