IIS6:从命令行创建/安装 SSL 自签名证书
我想在 IIS6 中自动为网站设置 SSL。似乎可以使用 selfSSL 和 certutil 来执行此操作,但证书对我来说是新的,我不确定如何将它们组合在一起。
据我了解,我需要:
- 创建证书
- 将证书分配给网站
- 添加安全(SSL/443)绑定到网站
如果已经创建了站点证书,我还想避免创建新证书。这样我就不会得到一堆多余的证书。
I want to automate the setup of SSL for a website in IIS6. It appears selfSSL and certutil can be used to do this but certificates are new to me and I'm unsure how to put them together.
From what I understand I need to:
- create a certificate
- assign the certificate to the website
- add a secure (SSL/443) binding to the website
I would also like to avoid creating a new certificate if the site cert has already been created. That way I don't end up with a bunch of redudant certs.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我建议您查看 IIS 6 资源工具包:http ://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17275
资源工具包中有一个名为selfssl.exe - 它自动创建、分配甚至信任新创建的证书。我们在工作中经常使用它,以确保我们的开发盒拥有可以在测试/开发期间使用的证书。
这是我们使用的命令行 - 它将使用密钥大小 1024 创建证书(针对本地主机),信任它,并使其有效期约 10 年:
如果您托管多个站点,则需要使用
/S参数指定要添加证书的站点 ID。注意:这在 WinXP 上的 IIS 5 上也能正常工作,但我从未在任何 IIS 7 系列上尝试过。
I would suggest you look at the IIS 6 Resource Kit: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17275
There is a tool in the resource kit called selfssl.exe - it automates the creation, assignment and even trusting of the newly created certificate. We use it quite a bit where I work to ensure that our dev boxes have certificates we can use during testing/development.
Here is the command line we use - it will create the cert (for localhost) using a key-size of 1024, trust it, and make it valid for ~10 years:
If you are hosting multiple sites, you will need to use the
/Sparameter to specify the site id you want to add the certificate to.Note: this also works like a champ with IIS 5 on WinXP, but I have never tried it on any of the IIS 7 family.
如果您使用 Wix 来创作您的设置,则运行此 CustomAction (仅运行 SelfSSL)将为您解决问题:
此操作将:
默认网站命令行说明:
您可以使用
指定端口>/P:[端口号]开关。默认值为 443,这是您想要的,因此您可以将其省略。警告:SelfSSL 似乎存在错误,该错误似乎已已解决。
如果您仍然遇到它,替代方法是切换到具有类似语法的
SSLDiag工具:我没有使用其他安装创作工具(InstallShield 等)的经验,但我确信他们有规定运行命令行程序。最坏的情况,您可以通过批处理文件运行它!
希望这有帮助。
If you're using Wix for authoring your setup, then running this CustomAction (which simply runs SelfSSL) will do the trick for you:
This action will:
Default Web SiteCommand line explained:
You can specify port with
/P:[port number]switch. The default is 443 which is what you want so you can leave it out.Caveat: There seems to be bug with SelfSSL which seems to have been resolved.
If you still run into it, alternative is to switch to
SSLDiagtool which has a similar syntax:I do not have experience with other setup authoring tools (InstallShield etc.) but I'm sure they have provisions to run commandline programs. Worst case, you can run this through a batch file!
Hope this helps.