windows IIS6:从命令行创建/安装 SSL 自签名证书
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7084466/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
IIS6: Create/install SSL self-signed cert from command line
提问by chief7
I want to automate the setup of SSL for a website in IIS6. It appears selfSSL and certutil can be used to do this but certificates are new to me and I'm unsure how to put them together.
我想在 IIS6 中为网站自动设置 SSL。看来 selfSSL 和 certutil 可用于执行此操作,但证书对我来说是新的,我不确定如何将它们组合在一起。
From what I understand I need to:
据我了解,我需要:
- create a certificate
- assign the certificate to the website
- add a secure (SSL/443) binding to the website
- 创建证书
- 将证书分配给网站
- 向网站添加安全 (SSL/443) 绑定
I would also like to avoid creating a new certificate if the site cert has already been created. That way I don't end up with a bunch of redudant certs.
如果已经创建了站点证书,我还想避免创建新证书。这样我就不会得到一堆冗余证书。
回答by Goyuix
I would suggest you look at the IIS 6 Resource Kit: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17275
我建议您查看 IIS 6 Resource Kit:http: //www.microsoft.com/download/en/details.aspx?displaylang=en& id=17275
There is a tool in the resource kit called selfssl.exe- it automates the creation, assignment and even trusting of the newly created certificate. We use it quite a bit where I work to ensure that our dev boxes have certificates we can use during testing/development.
资源工具包中有一个名为selfssl.exe的工具- 它可以自动创建、分配甚至信任新创建的证书。我们在我工作的地方经常使用它来确保我们的开发箱具有我们可以在测试/开发期间使用的证书。
Here is the command line we use - it will create the cert (for localhost) using a key-size of 1024, trust it, and make it valid for ~10 years:
这是我们使用的命令行 - 它将使用 1024 的密钥大小创建证书(用于本地主机),信任它,并使其有效约 10 年:
selfssl.exe /T /N:CN=localhost /K:1024 /V:3650
If you are hosting multiple sites, you will need to use the /Sparameter to specify the site id you want to add the certificate to.
如果您托管多个站点,则需要使用该/S参数指定要将证书添加到的站点 ID。
Note: this also works like a champ with IIS 5 on WinXP, but I have never tried it on any of the IIS 7 family.
注意:这也像 WinXP 上的 IIS 5 冠军一样工作,但我从未在任何 IIS 7 系列上尝试过。
回答by Mrchief
If you're using Wixfor authoring your setup, then running this CustomAction(which simply runs SelfSSL) will do the trick for you:
如果您使用Wix来创作您的设置,那么运行这个CustomAction(它只是运行SelfSSL)将为您解决问题:
<CustomAction Id="InstallCert"
ExeCommand="selfssl.exe /N:CN=fqdn.myserver.com /V:365" />
<InstallExecuteSequence>
<Custom Action="InstallCert" After="InstallFinalize" />
</InstallExecuteSequence>
This action will:
此操作将:
- Generate the certificate
- Install the certificate to
Default Web Site - Add the https binding
- 生成证书
- 将证书安装到
Default Web Site - 添加https绑定
Command line explained:
命令行解释:
/N:CN=[fully qualified server name]
/V: = Validity in days (365 in my example)
You can specify port with /P:[port number]switch. The default is 443 which is what you want so you can leave it out.
您可以使用/P:[port number]交换机指定端口。默认值为 443,这是您想要的,因此您可以将其省略。
Caveat: There seems to be bug with SelfSSL which seems to have been resolved.
警告:似乎已经解决了 SelfSSL 的错误。
If you still run into it, alternative is to switch to SSLDiagtool which has a similar syntax:
如果您仍然遇到它,替代方法是切换到SSLDiag具有类似语法的工具:
SSLDiag.exe /selfssl /n:CN=fqdn.myserver.com /v:365
I do not have experience with other setup authoring tools (InstallShield etc.) but I'm sure they have provisions to run commandline programs. Worst case, you can run this through a batch file!
我没有使用其他设置创作工具(InstallShield 等)的经验,但我确信他们有运行命令行程序的规定。最坏的情况是,您可以通过批处理文件运行它!
Hope this helps.
希望这可以帮助。
