如何在 IIS 7 中为 SSL 配置站点?
我们有一台带有 IIS 7 的 Windows 2008 服务器来测试我们为客户开发的站点。每个站点都有一个子域绑定:
- clienta.example.com
- clientb.example.com
- clientc.example.com
(* 使用 example.com 保护无辜者)
对于其中一个站点,我们现在必须测试它是否可以通过 https 运行。
因此,我创建了一个以 *.example.com 作为通用名的证书请求。我已收到证书(由 PositiveSSL SA 颁发)并完成了请求。该证书现已安装在 IIS 中。
现在,我已使用以下设置将 https 绑定添加到第二个站点:
键入:https IP地址:全部未分配 端口:443 主机名:clientb.example.com SSL 证书:*.example.com
通过常规 http 浏览网站效果很好。当我尝试通过 https 浏览网站时,出现以下错误(取决于所使用的浏览器):
Chrome
此网页不可用 错误 102 (net::ERR_CONNECTION_REFUSED):未知错误。
Firefox
无法连接 Firefox 无法建立与 clientb.example.com 服务器的连接 Firebug 说状态:已中止
Internet Explorer
Internet Explorer 无法显示我已检查失败请求跟踪的网页
,并且根据日志,请求已完成,状态为 200。
我已使用以下命令运行 SSL 诊断工具结果:
System time: Fri, 04 Mar 2011 14:04:35 GMT
Connecting to 192.168.2.95:443
Connected
Handshake: 115 bytes sent
Handshake: 3877 bytes received
Handshake: 326 bytes sent
Handshake: 59 bytes received
Handshake succeeded
Verifying server certificate, it might take a while...
Server certificate name: *.example.com
Server certificate subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.example.com
Server certificate issuer: C=GB, S=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=PositiveSSL CA
Server certificate validity: From 2-3-2011 1:00:00 To 2-3-2012 0:59:59
1:00:00 To 2-3-2012 0:59:59
HTTPS request:
GET / HTTP/1.0
User-Agent: SSLDiag
Accept:*/*
HTTPS: 85 bytes of encrypted data sent
HTTPS: 533 bytes of encrypted data received
Status:
HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 04 Mar 2011 14:04:35 GMT
Connection: close
Content-Length: 315
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>
</BODY></HTML>
HTTPS: server disconnected
Final handshake: 37 bytes sent successfully
问:我该怎么做才能使这项工作成功?
We have an Windows 2008 server with IIS 7 to test sites we develop for our clients. Each site has a binding on a subdomain:
- clienta.example.com
- clientb.example.com
- clientc.example.com
(* Using example.com to protect the innocent)
For one of these sites we now have to test if it works over https.
So I have created a certificate request with *.example.com as the common name. I have received the certificate (issued by PositiveSSL SA) and completed the request. The certificate is now installed in IIS.
Now I have added an https binding to the second site with the following settings:
type: https
IP address: All Unassigned
Port: 443
Host name: clientb.example.com
SSL certificate: *.example.com
Browsing the site over regular http works fine. When I try to browse the site over https I get the following errors (depending on the browser used):
Chrome
This webpage is not available
Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error.
Firefox
Unable to connect
Firefox can't establish a connection to the server at clientb.example.com
Firebug says Status: Aborted
Internet Explorer
Internet Explorer cannot display the webpage
I have checked Failed Request Tracing, and according to the log the request was completed with status 200.
I have run the SSL Diagnostics Tool with the following result:
System time: Fri, 04 Mar 2011 14:04:35 GMT
Connecting to 192.168.2.95:443
Connected
Handshake: 115 bytes sent
Handshake: 3877 bytes received
Handshake: 326 bytes sent
Handshake: 59 bytes received
Handshake succeeded
Verifying server certificate, it might take a while...
Server certificate name: *.example.com
Server certificate subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.example.com
Server certificate issuer: C=GB, S=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=PositiveSSL CA
Server certificate validity: From 2-3-2011 1:00:00 To 2-3-2012 0:59:59
1:00:00 To 2-3-2012 0:59:59
HTTPS request:
GET / HTTP/1.0
User-Agent: SSLDiag
Accept:*/*
HTTPS: 85 bytes of encrypted data sent
HTTPS: 533 bytes of encrypted data received
Status:
HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 04 Mar 2011 14:04:35 GMT
Connection: close
Content-Length: 315
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>
</BODY></HTML>
HTTPS: server disconnected
Final handshake: 37 bytes sent successfully
Q: What can I do to make this work?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
为了使 IP 绑定与主机标头结合使用,最好首先确保防火墙将 https 请求转发到 Web 服务器 (TCP/443)。
哦。
For the IP-binding to work when combined with a host header it's a good idea to first make sure the firewall is forwarding https requests to the webserver (TCP/443).
Doh.