如何将自签名 SSL 证书部署到多个服务器
我需要创建一个自签名 SSL 证书,并在两个不同的 Web 服务器上安装相同的证书。 对于这个特定场景,我有两个采用网络负载平衡配置的 Web 服务器(Win2K3 w/ II6)。
我已经安装了IIS资源工具包,可以使用SelfSSL工具制作证书。 然而,我的困惑来自于该工具仅在当前计算机上注册证书。 如何以某种形式提取证书,然后将其注册到其他 Web 服务器上?
我根本不偏爱 SelfSSL 工具,因此,如果我的做法完全错误,我愿意接受其他说明。 我已经看到了有关如何使用 OpenSSL 生成 .cer 文件的说明,但我真的试图推迟安装 OpenSSL,除非确实必须这样做。
谢谢!
I need to create a self signed SSL certificate and the install the same certificate on two different web servers. For this specific scenario I have two web servers (Win2K3 w/ II6) in a network load balanced configuration.
I have installed the IIS resource tool kit and can use the SelfSSL tool to make a certificate. However my confusion comes from that the tool only registers the certificate on the current machine. How do I go about extracting the certificate in a form that I can then register it on the other web server?
I am not partial to the SelfSSL tool at all, so if I am going about this entirely wrong I am open to alternative instructions. I have seen instructions on how to generate .cer files using OpenSSL but I was really trying to hold off on install OpenSSL unless I really had to.
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
前言
这些说明可能对任何人都没有太大帮助,因为 Windows 7 和 IIS 7 都是 不再支持。 然而,我觉得有必要回答这个问题,因为这是目前 Stackoverflow 上最古老的未解答问题,我觉得我可以根据多个来源提供准确的答案。
完成此操作后,您应该能够通过 Microsoft 管理控制台提取 SelfSSL 生成的证书,然后使用 IIS 管理器将其安装到其他 Web 服务器上。 由于您在 2008 年提出了这个问题,因此以下说明应该适合您的时间范围。
步骤 1:提取证书
这些是 这篇关于 HowToGeek 的文章。
首先,运行命令
mmc打开管理控制台:在控制台中,转到“文件”>“ 添加/删除管理单元。
从左侧添加证书。
选择计算机帐户。
选择本地计算机。
单击“确定”查看本地证书存储。
导航到个人> 证书并找到您使用 SelfSSL 实用程序设置的证书。
步骤2:安装证书。
现在您已成功提取证书,下一步是将其安装到 IIS Web 服务器中。 再次强调,SSL 存储中的这些说明 IIS 7 应该适合您的时间范围。
1. 启动 IIS 管理器
单击“开始”、“控制面板”、“管理工具”,然后选择“Internet 信息服务 (IIS) 管理器”。
2. 选择您的服务器名称
在左侧的“连接”菜单中,选择要安装证书的服务器名称(主机)。
3. 导航到“安全”部分
在中央菜单中,单击靠近底部的“安全”部分下的“服务器证书”图标。Microsoft IIS 7 步骤4
4. 单击“完成证书请求”
在右侧“操作”菜单中,单击“完成证书” Request.Microsoft IIS 7 Step5
5. 浏览到您的服务器证书
在“完整证书请求”向导中,单击“...”浏览并选择之前保存在服务器桌面上的服务器证书文件。
6. 为您的证书命名
输入一个友好名称,这是一个内部参考名称,用于稍后区分该文件。 我们建议包含 CA 名称和到期日期。Microsoft IIS 7 Step7
7. 单击“确定”
单击“确定”,新安装的证书应出现在刷新的服务器证书列表中。
Preface
These instructions are probably not of much help to anyone, since both Windows 7 and IIS 7 are not supported anymore. However, I felt compelled to answer this question because it was currently the oldest unanswered question on Stackoverflow and I felt I could provide an accurate answer based on multiple sources.
With that out of the way, you should be able to extract the certificate generated by SelfSSL through the Microsoft Management Console and subsequently install it on other web servers using IIS Manager. Since you asked this question in 2008, the following instructions should be appropriate for your timeframe.
Step 1: Extracting the certificate
These are the relevant steps from this article on HowToGeek.
First, run the command
mmcto open the Management Console:In the console, go to File > Add/Remove Snap-in.
Add Certificates from the left side.
Select Computer account.
Select Local computer.
Click OK to view the Local Certificate store.
Navigate to Personal > Certificates and locate the certificate you setup using the SelfSSL utility.
Step 2: Installing the certificate.
Now that you have successfully extracted the certificate, the next step is to install it into an IIS web server. Again, these instructions from SSL Store for IIS 7 should be appropriate for your timeframe.
1. Launch IIS Manager
Click Start, Control Panel, Administrative Tools, and then select Internet Information Services (IIS) Manager.
2. Select your server name
In the left Connections menu, select the server name (host) where you want to install the certificate.
3. Navigate to the Security section
In the center menu, click the Server Certificates icon under the Security section near the bottom.Microsoft IIS 7 Step4
4. Click Complete Certificate Request
In the right Actions menu, click Complete Certificate Request.Microsoft IIS 7 Step5
5. Browse to your Server Certificate
In the Complete Certificate Request wizard, click “…” to browse and select Your Server Certificate file that was previously saved on your server’s desktop.
6. Name your certificate
Enter a Friendly Name which is an internal reference name to distinguish the file later. We recommend including the CAs name and expiration date.Microsoft IIS 7 Step7
7. Click OK
Click OK and the newly installed certificate should appear in the refreshed Server Certificate List.