我有一个外部托管的 iis 网络服务器,我在其中运行我的网站.我想向该网站添加一个自签名证书并在我的本地客户端上信任它,以从浏览器中删除不安全连接".
到目前为止我所做的如下
当我尝试在 Firefox 中打开网站时(使用 ABCD01),我仍然得到您的连接是不安全".我错过了什么?
解决方案有多个问题:
New-SelfSignedCertificate `-DnsName "ABCD01" `-CertStoreLocation "cert:LocalMachineMy" `-FriendlyName测试开发证书"`-TextExtension2.5.29.37={文本}1.3.6.1.5.5.7.3.1"`-KeyUsage DigitalSignature,KeyEncipherment,DataEncipherment `-提供者Microsoft RSA SChannel 加密提供者"`-哈希算法SHA256"
IIS 证书生成器无法使用 Google Chrome 所需的 SAN(主题备用名称)证书扩展生成证书.您必须使用不同的工具来创建测试证书.参考上面的例子.
Google Chrome 使用内置的 Windows 证书存储来建立信任,而 FireFox 使用自己的证书存储.因此,将证书添加到 Windows 证书存储后,您必须手动将测试证书导入 FireFox.
I have an externally hosted iis webserver where i run my website. I would like to add a self signed certificate to this website and trust it on my local client, to remove "Insecure Connection" from the browser.
What i have done so far is the following
When i try to open the website in firefox (using ABCD01), i still get the "Your connection is not secure". What am i missing?
解决方案There are multiple issues:
New-SelfSignedCertificate ` -DnsName "ABCD01" ` -CertStoreLocation "cert:LocalMachineMy" ` -FriendlyName "test dev cert" ` -TextExtension "2.5.29.37={text}1.3.6.1.5.5.7.3.1" ` -KeyUsage DigitalSignature,KeyEncipherment,DataEncipherment ` -Provider "Microsoft RSA SChannel Cryptographic Provider" ` -HashAlgorithm "SHA256"
IIS certificate generator cannot build certificate with SAN (Subject Alternative Names) certificate extension which is required in Google Chrome. You have to use different tools to create test certificates. Look at the example above for reference.
Google Chrome uses built-in Windows Certificate store to establish a trust, while FireFox uses its own certificate store. Therefore, after adding the certificate to Windows certificate store, you have to import your test certificate to FireFox manually.
更多推荐
信任来自 IIS 的自签名证书
发布评论