我有一个外部托管的iis网络服务器,我运行我的网站。我想在本网站上添加一个自签名证书,并在我的本地客户端上信任它,从浏览器中删除不安全连接。
I have an externally hosted iis webserver where i run my website. I would like to add a self signed certificate to this website and trust it on my local client, to remove "Insecure Connection" from the browser.
我做了什么远是以下
当我尝试在firefox中打开网站时(使用 https:// ABCD01 ),我仍然得到你的连接不安全。我缺少什么?
When i try to open the website in firefox (using ABCD01), i still get the "Your connection is not secure". What am i missing?
推荐答案有多个问题:
New-SelfSignedCertificate ` -DnsName "ABCD01" ` -CertStoreLocation "cert:\LocalMachine\My" ` -FriendlyName "test dev cert" ` -TextExtension "2.5.29.37={text}1.3.6.1.5.5.7.3.1" ` -KeyUsage DigitalSignature,KeyEncipherment,DataEncipherment ` -Provider "Microsoft RSA SChannel Cryptographic Provider" ` -HashAlgorithm "SHA256"
IIS证书生成器无法构建具有SAN浏览器所需的SAN(使用者备用名称)证书扩展名的证书。您必须使用不同的工具来创建测试证书。请查看上面的示例以供参考。
IIS certificate generator cannot build certificate with SAN (Subject Alternative Names) certificate extension which is required in Google Chrome. You have to use different tools to create test certificates. Look at the example above for reference.
Google Chrome使用内置Windows证书存储来建立信任,而FireFox使用自己的证书存储。因此,将证书添加到Windows证书存储区后,您必须手动将测试证书导入FireFox。
Google Chrome uses built-in Windows Certificate store to establish a trust, while FireFox uses its own certificate store. Therefore, after adding the certificate to Windows certificate store, you have to import your test certificate to FireFox manually.
更多推荐
信任来自IIS的自签名证书
发布评论