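HTTPS certificate installed but still "Not secure"? Use MMC to generate a certificate request file and obtain the issued certificate from Windows AD Certificate Services
Introduction
Recently I was asked to switch every HTTP service on the intranet to HTTPS. For web development this is routine: as long as an internal host is set up to handle certificate requests, you just run through the same process on each host.
I originally followed HiNet's manual, "Windows IIS 10.0 SSL Certificate Request File Creation and Certificate Installation Manual". Certificates I had requested that way for other external websites had no problems, but this time on the intranet only IE accepted the certificate, while Chrome considered it not secure.
After checking, I found Chrome's conditions for trusting a certificate in the post "Requesting a Web certificate that the Chrome browser trusts" by 余小章 @ 大內殿堂. Because a certificate requested through the IIS graphical interface cannot have the DNS field filled in manually, the request has to be created through the Microsoft Management Console (MMC). This post therefore walks through, with screenshots, each step from opening MMC to completing the HTTPS certificate installation.
Search for mmc in the Start menu and open it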
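Open the Certificates snap-in window
- File > Add/Remove Snap-in (Ctrl+M)
- In the new window, scroll to the bottom and select Certificates
- Click Add in the middle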
Select Computer account > Local computer
Once Certificates appears in the right-hand pane, click OK
Certificates > Personal > Certificates > empty area on the right > All Tasks > Advanced Operations > Create Custom Request
Click Next through all of these
Expand the Details arrow to the right of the certificate information and click Properties
Certificate enrollment properties
In the Certificate Enrollment window where you just clicked Properties, click Next to move to the next window
Click Browse to choose the file location and name
Open the file in Notepad and copy the base64 string
Click Request a certificate > advanced certificate request
Paste the base64 text in and choose a suitable certificate template
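Special cases
- A different Windows AD account may see different certificate templates; contact the AD Certificate Services administrator to have the permission granted.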
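Certificate request denied: denied by the policy module
Install the certificate
- After filling in the form, download the certificate, then install it on the local computer
- Once it is installed, you can bind the certificate in IIS on the web server
- After binding, everything is done; open the site in Chrome to check whether the certificate is now shown as secure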
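The same request can be built from the command line with certreq.exe, which makes the DNS entry in the Subject Alternative Name extension explicit and lets you check it before and after issuance. This is an added example, not part of the original post; the host name `web01.corp.example` and the file names are constructed placeholders, and the `certutil -dump` check assumes the extension is listed by its OID.

```powershell
# Added example, run from an elevated PowerShell prompt on the web server.
# Constructed placeholders (not from the post): host name and file names.
$fqdn = 'web01.corp.example'

$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
HashAlgorithm = SHA256
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$fqdn&"
"@
Set-Content -Path .\request.inf -Value $inf -Encoding ASCII

# Create the key pair in the machine store and write the base64 PKCS#10 request.
certreq.exe -new .\request.inf .\request.csr
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

# Before submitting, confirm the request carries the SAN extension (OID 2.5.29.17).
$dump = certutil.exe -dump .\request.csr
if (-not ($dump | Select-String -SimpleMatch '2.5.29.17')) {
    throw 'Request has no Subject Alternative Name extension'
}
$dump | Select-String -SimpleMatch $fqdn

# After the issued certificate is installed, confirm the SAN survived issuance.
function Get-InstalledSan([string]$Name) {
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*CN=$Name*" } |
        ForEach-Object {
            $san = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            [pscustomobject]@{
                Thumbprint = $_.Thumbprint
                SAN        = if ($san) { $san.Format($false) } else { '<missing>' }
            }
        }
}
Get-InstalledSan $fqdn
```

The contents of `request.csr` are what gets pasted into the advanced certificate request form; `certreq.exe -accept -machine` followed by the downloaded certificate file is the command-line way to bind the issued certificate to the pending key.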
References