自签名证书在本地 IIS 上无法工作

huangapple go评论66阅读模式
英文:

Self signed certificate not working on localhost IIS

问题

我正在本地主机上使用IIS设置一个非常简单的测试站点,需要从https本地访问。我按照以下步骤操作:

  • 在我的本地服务器的IIS中,我创建了一个自签名证书并存储在"Personal"存储中。
  • 我为我的测试站点添加了一个https绑定到这个新证书,主机名是testite,端口是7001。
  • 将条目'127.0.0.1 testsite'添加到hosts文件中。

当我尝试通过浏览器访问https://testsite/index.html时,浏览器返回以下错误:
NET::ERR_CERT_COMMON_NAME_INVALID

如果我在URL中添加端口号,即https://testsite:7001/index.html,仍然出现相同的问题。

有关错误的更多信息显示如下:
此服务器无法证明其为testsite;其安全证书来自Muzz2。这可能是由于配置错误或攻击者拦截您的连接引起的。

英文:

I have am setting up a very simple test site on my localhost under IIS which needs to be accessible locally from https. IU have followed the steps below:

  • In IIS for my local server, I have created a self signed certificate and stored in the "Personal" store
  • I have added a https binding for my test site to this new certificate, the hostname is testite and the port 7001
  • Added the entry '127.0.0.1 testsite' to hosts file.

When I try to access https://testsite/index.html through the browser, the browser returns the following error:
NET::ERR_CERT_COMMON_NAME_INVALID

Same problem soccurs if I add the port number to the url, i.e: https://testsite:7001/index.html

More informatiom on the error shows the following:

This server could not prove that it is testsite; its security certificate is from Muzz2. This may be caused by a misconfiguration or an attacker intercepting your connection.

答案1

得分: 0

解决方案涉及使用PowerShell而不是IIS管理器来生成自签名证书。ISS始终使用计算机名称而不是站点名称作为公共名称。

我使用的PowerShell命令如下:

New-SelfSignedCertificate -DnsName testsite -CertStoreLocation cert:\LocalMachine\My

之后,使用mmc将证书放置在受信任的根证书颁发机构中,并像通常一样在IIS中更新证书绑定。

英文:

The solution involved using Powershell rather than IIS manager to generate the self signed certificate. ISS always used the machine name rather than the sitename as the common name.

The powershell command I used was as follows:

New-SelfSignedCertificate -DnsName testsite -CertStoreLocation cert:\LocalMachine\My

After which mmc was used to place the certificate in the Trusted Root Certification Authorities, and the certificated bindings updated in IIS as you you usually would.

huangapple
  • 本文由 发表于 2023年6月2日 03:46:55
  • 转载请务必保留本文链接:https://go.coder-hub.com/76385236.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定