在 IIS 上安装 .crt SSL 证书
场景:
需要在IIS服务器上搭建现有的PHP网站。
现有网站在某些子域中使用 SSL。证书是something.crt。
在 IIS,服务器证书中,我尝试导入证书。但它要求一个扩展名为 .pfx 的文件。它要求输入密码。
我不熟悉 SSL 设置。有人可以帮我吗?
更新: 实际上我还有一个 .crt 文件和一个 gd_iis_intermediates.p7b 。看起来它们是由 GoDaddy 发行的。需要一些关于如何使用这两个证书文件的提示。
提前致谢。
Scenario:
Need to set up the existing PHP website on IIS Server.
The existing website uses SSL in some subdomains. The certificate is something.crt.
In IIS, Server Certificates, I try to Import Certificate. But it asks for a file with extention: .pfx. And it asks for a password.
I am not familiar with the SSL setting. Can someone help me out?
UPDATE:
Actually I have a .crt file and a gd_iis_intermediates.p7b as well. Looks like they are issued by GoDaddy. Need some hint in how to use these two certificate files.
Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果有人觉得这有帮助,就回答这个问题。现在您有一个 .crt 文件和 .p7b 文件。这些文件都不包含私钥。 IIS 或任何与此相关的 Web 服务器都需要 .pfx(或 .p12),这是唯一支持私钥存储的文件扩展名。有关详细信息,请参阅此帖子:https://blogs.msdn.microsoft.com/kaushal/2010/11/04/various-ssltls-certificate-file-typesextensions/
当您创建证书请求时,将创建私钥。它存在于创建证书请求的计算机上。为了获取 .pfx 文件,请在创建证书请求的计算机上执行以下操作:
Answering this in case anyone finds this helpful. So as of now you have a .crt file and .p7b file. Either of these files do not contain private keys. IIS or any web server for that matter needs .pfx (or .p12) which is the only file extension which supports storage of private keys. See this post for more info: https://blogs.msdn.microsoft.com/kaushal/2010/11/04/various-ssltls-certificate-file-typesextensions/
The private key gets created when you had created the certificate request. It is present on the machine where the certificate request was created. In order to get a .pfx file, do this on the machine where the certificate request was created:
This will launch the Microsoft Management Console (MMC)
Once the file has been imported. Double click the certificate and check whether you see "You have a private key that corresponds to this certificate"
If you dont see this, then try to run this command:
If the command fails, then it means that the privatekey is either not present or corrupted. In such case, simply restart the entire process.
If you see the private key associated with the certificate, then you can export the certificate along with the private key. The instructions are as same as above.
I found instructions including screenshots here: https://www.sslsupportdesk.com/export-ssl-certificate-private-key-pfx-using-mmc-windows/
HTH :)