如何配置IIS服务器使用的中间证书( 微软 KB954755)
How to configure intermediate certificates on a computer that is running IIS for server authentication
如何配置IIS服务器使用的中间证书
原文:http://support.microsoft.com/kb/954755
INTRODUCTION
介绍
When a client computer tries to establish server-authenticated Secure Sockets Layer (SSL) connections with an Internet Information Services (IIS) Web server, the server certificate chain is validated on the client computer. For this certificate validation to complete successfully, the intermediate certificates in the server certificate chain must be configured correctly on the server. If these certificates are configured incorrectly, the server authentication may fail. This also applies to any program that uses SSL/ Transport Layer Security (TLS) for authentication.
Impact
影响
Client computers cannot connect to the server that is running IIS. This occurs because the client computers cannot authenticate the servers that do not have intermediate certificates that are configured correctly.
Recommendation
Correctly configure the intermediate certificates on the server. For more information, see the "More information" section.
MORE INFORMATION
更多信息
Technical details
技术细节
X.509 certificate validation consists of several phases. These phases include certificate path discovery and path validation.
As part of certificate path discovery, the intermediate certificates must be located to build the certificate path up to a trusted root certificate. An intermediate certificate is a certificate that is useful in determining if a certificate was ultimately issued by a valid root certification authority (CA). These certificates can be obtained from the cache or from the certificate store on the client computer. Servers can also provide this information to the client computer.
In the SSL negotiation, the server certificate is validated on the client. In this case, the server provides the certificates to the client computer together with the intermediate issuing certificates that the client computer can use to build the certificate path. The complete certificate chain, except for the root certificate, is sent to the client computer.
IIS determines the set of certificates that it sends to clients for TLS/SSL by building a certificate chain of a configured server authentication certificate in the local computer context. The intermediate certificates must be configured correctly by adding them to intermediate CA certificate store in the local computer account on the server.
If a server operator installs an SSL certificate together with the relevant issuing CA certificates, and then the server operator later renews the SSL certificate, the server operator must make sure that the intermediate issuing certificates are updated at the same time.
How to configure intermediate certificates
如何配置中间证书
Open the Certificates Microsoft Management Console (MMC) snap-in. To do this, follow these steps:
At a command prompt, type Mmc.exe.
If you are not running the program as the built-in Administrator, you will be prompted for permission to run the program. In the Windows Security dialog box, click Allow.
On the File menu, click Add/Remove Snap-in.
In the Add or Remove Snap-ins dialog box, click the Certificates snap-in in the Available snap-ins list, click Add, and then click OK.
In the Certificates snap-in dialog box, click Computer account, and then click Next.
In the Select computer dialog box, click Finish.
In the Add or Remove Snap-ins dialog box, click OK.
To add an intermediate certificate, follow these steps:
In the Certificates MMC snap-in, expand Certificates, right-click Intermediate Certification Authorities, point toAll Tasks, and then click Import.
In the Certificate Import Wizard, click Next.
In the File to Import page, type the file name of the certificate that you want to import in the File name box, and then click Next.
Click Next, and then complete the Certificate Import Wizard.
Back to the top | Give Feedback
REFERENCES 引用
For more information about how the CryptoAPI function builds certificate chains and validates revocation status, visit the following Microsoft TechNet Web site:
http://technet.microsoft.com/en-us/library/cc700843.aspx
Support
For a complete list of Microsoft Customer Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:
http://support.microsoft.com/default.aspx?scid=fh;[LN];CNTACTMS
Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
Security resources
For more information about security in Microsoft products, visit the following Microsoft TechNet Web site:
http://www.microsoft.com/technet/security/default.mspx
Disclaimer
The information that is provided in the Microsoft Knowledge Base article is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Back to the top | Give Feedback
Collapse imageProperties
Article ID: 954755 - Last Review: July 1, 2008 - Revision: 1.1
APPLIES TO
Microsoft Internet Information Services 7.0
Microsoft Internet Information Services 6.0
Microsoft Internet Information Services 5.1
Keywords:
kbhowto kbexpertiseadvanced kbinfo KB954755
Back to the top | Give Feedback
如何配置IIS服务器使用的中间证书( 微软 KB954755)相关推荐
- iis信息服务器win8,win8配置iis服务器
win8配置iis服务器 内容精选 换一换 配置应用系统的跨云热备容灾方案如图1所示.在如图1所示的方案中,用户的生产数据中心的应用系统使用MySQL作为数据库,应用系统与MySQL均热备容灾到华为云 ...
- 服务器2008r2 iis配置asp网站,2008r2配置iis服务器
2008r2配置iis服务器 内容精选 换一换 域名认证时,需要将下载的认证文件上传到网站根目录,然后进行认证.用户使用的服务器不同,文件上传的位置有所不同,请参照以下方法完成认证文件的上传.如果网站 ...
- 在IIS服务器上安装SSL证书
在IIS服务器上安装SSL证书 本页目录 前提条件 操作步骤 相关文档 阿里云SSL证书服务支持下载SSL证书安装到IIS服务器上,从而使IIS服务器支持HTTPS安全访问.本文介绍了证书安装的具体操 ...
- 配置IIS服务器,支持sis、SISX、3GP、APK,CAB、flv等文件下载
配置IIS服务器,支持sis.SISX.3GP.ADP.AMR.JAD.JAR.MMF.MFM.PMD.UMD等文件下载 问:如何开通WAP网站呢,让更多朋友通过手机来浏览的我网站呢? 答:浏览WAP ...
- 前端基础_配置IIS服务器
配置IIS服务器 在应用程序完全离线之前,还需要正确地提供清单文件.清单文件必须有扩展名.manifest和正确的mime-type. 如果使用Apache这样的通用Web服务器,需要找到在AppSe ...
- 在IIS服务器上部署SSL证书(基于阿里云平台)
阿里云部署步骤: 步骤一: 下载文件 1.登录SSL证书控制台. 2.在左侧导航栏,单击SSL证书. 3.定位到已签发的SSL证书,单击操作列下的下载. 4.在证书下载面板,单击IIS服务器类型后的下 ...
- 配置IIS服务器!IIS-网站报500.19错误代码0x8007000d问题解决,处理程序“aspNetCore”在其模块列表中有一个错误模块“AspNetCoreModuleV2“解决
首先安装IIS服务器 启动控制面板, 选择查看方式为"类别": 点击"程序": 点击打开或关闭window功能: 选择Internet信息服务,把FTP服务器和 ...
- 计算机iis配置具体步骤,Win7配置IIS服务器和运行网站 (配详细图示).doc
在Win7中如何安装IIS和如何配置IIS运行网站 Win7中不像XP中那样,Win7系统中将IIS集成于系统中,不需要启动光盘或者第三方服务,按照下面步骤即可完成win7系统对IIS的安装 一 安装 ...
- 配置IIS服务器,支持sis下载
问:如何开通WAP网站呢,让更多朋友通过手机来浏览的我网站呢? 答:浏览WAP网站与WEB网站都是需要服务器端和终端支持的,WEB网站的要求大家一般都知道了, WAP网站需要的服务器只要在WEB服务器 ...
最新文章
- call of overloaded 'round(float)' is ambiguous
- 【Google Play】应用 “更新被拒“ 后续处理 ( 上传新版本后 , 一定要停用被拒的版本, 才可以通过审核 | 停用被拒的版本 | 送审 )
- 界面设计方法(2) — 2.界面的布局
- 9.6 LSMW程序删除操作手册-录屏
- openstack中彻底删除计算节点的操作记录
- 在VBA中使用正则表达式
- keras可视化模型训练过程
- Linux socket等于0,Linux系统环境下的Socket编程详细解析
- Mac OS 加入域
- CnOpenData国际货物贸易数据
- “我培训完JAVA,进了美团,美团氛围特别好,就是送餐特别累”
- 20145322何志威 《Java程序设计》第8周学习总结
- 全国计算机演示文稿,全国计算机统考押题——演示文稿
- 做国外广告联盟赚美刀的5大类项目
- 制作Mac版的星际争霸II(StarCraft II)
- [强化学习一]隐马尔可夫基本概念
- 显卡、显卡驱动、cuda、cudnn 通俗解释及深度学习环境搭建
- HMS Core华为分析丨受众细分,多场景促进精益运营
- anaconda离线安装第三方包
- 渝粤题库 陕西师范大学 《教育法学》作业