zoukankan      html  css  js  c++  java
  • Windows Server 2008 R2 下配置TLS1.2,添加自签名证书

    前言

    2017年1月1日起App Store上的所有App应用将强制开启ATS功能。
    
    苹果的ATS(App Transport Security)对服务器硬性3点要求:
    
    ① ATS要求TLS1.2或者更高,TLS 是 SSL 新的别称。
    
    ② 通讯中的加密套件配置要求支持列出的正向保密。
    
    ③ 数字证书必须使用sha256或者更高级的签名哈希算法,并且保证密钥是2048位及以上的RSA密钥或者256位及以上的ECC密钥。

    由于领导舍不得花钱,只能辛苦我们自己搞个不花钱的证书。在网上找了一大堆各种配置证书服务的文章,在ios端运行的时候总是直接报错,很是费解,后来注意到必须是TLS1.2或者更高的版本,而按照网上的配置弄好后都是ssl1.0,根本原因没有解决。所以必须先升级服务器ssl的版本,这个升级的文章很多,有用的不多。在这里整理下找到的资料,供大家参考。注意:证书服务可以不用安装,升级ssl后即可正常访问。

    1.首先打开服务器组策略,命令行输入gpedit.msc,找到ssl配置设置,双击ssl密码套件顺序,选择已启用,并保存。准备工作完成!

    2.在下面选择您需要的配置并复制,打开Powershell直接粘贴。最后会提示是否重启服务器,输入Y会直接重启,根据自己的情况而定吧,重启后生效哦~

    2.1. configure your IIS server with Perfect Forward Secrecy and TLS 1.2:

    # Copyright 2016, Alexander Hass
    # http://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12
    #
    # Version 1.7
    # - Windows Version compare failed. Get-CimInstance requires Windows 2012 or later.
    # Version 1.6
    # - OS version detection for cipher suites order.
    # Version 1.5
    # - Enabled ECDH and more secure hash functions and reorderd cipher list.
    # - Added Client setting for all ciphers.
    # Version 1.4
    # - RC4 has been disabled.
    # Version 1.3
    # - MD5 has been disabled.
    # Version 1.2
    # - Re-factored code style and output
    # Version 1.1
    # - SSLv3 has been disabled. (Poodle attack protection)
     
    Write-Host 'Configuring IIS with SSL/TLS Deployment Best Practices...'
    Write-Host '--------------------------------------------------------------------------------'
     
    # Disable Multi-Protocol Unified Hello
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsMulti-Protocol Unified HelloServer' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsMulti-Protocol Unified HelloServer' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsMulti-Protocol Unified HelloServer' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsMulti-Protocol Unified HelloClient' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsMulti-Protocol Unified HelloClient' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsMulti-Protocol Unified HelloClient' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
    Write-Host 'Multi-Protocol Unified Hello has been disabled.'
     
    # Disable PCT 1.0
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsPCT 1.0Server' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsPCT 1.0Server' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsPCT 1.0Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsPCT 1.0Client' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsPCT 1.0Client' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsPCT 1.0Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
    Write-Host 'PCT 1.0 has been disabled.'
     
    # Disable SSL 2.0 (PCI Compliance)
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Server' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Server' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Client' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Client' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
    Write-Host 'SSL 2.0 has been disabled.'
     
    # NOTE: If you disable SSL 3.0 the you may lock out some people still using
    # Windows XP with IE6/7. Without SSL 3.0 enabled, there is no protocol available
    # for these people to fall back. Safer shopping certifications may require that
    # you disable SSLv3.
    #
    # Disable SSL 3.0 (PCI Compliance) and enable "Poodle" protection
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Server' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Server' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Client' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Client' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
    Write-Host 'SSL 3.0 has been disabled.'
     
    # Add and Enable TLS 1.0 for client and server SCHANNEL communications
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
    Write-Host 'TLS 1.0 has been enabled.'
     
    # Add and Enable TLS 1.1 for client and server SCHANNEL communications
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Server' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Server' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Client' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Client' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
    Write-Host 'TLS 1.1 has been enabled.'
     
    # Add and Enable TLS 1.2 for client and server SCHANNEL communications
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
    Write-Host 'TLS 1.2 has been enabled.'
     
    # Re-create the ciphers key.
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphers' -Force | Out-Null
     
    # Disable insecure/weak ciphers.
    $insecureCiphers = @(
      'DES 56/56',
      'NULL',
      'RC2 128/128',
      'RC2 40/128',
      'RC2 56/128',
      'RC4 40/128',
      'RC4 56/128',
      'RC4 64/128',
      'RC4 128/128'
    )
    Foreach ($insecureCipher in $insecureCiphers) {
      $key = (Get-Item HKLM:).OpenSubKey('SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphers', $true).CreateSubKey($insecureCipher)
      $key.SetValue('Enabled', 0, 'DWord')
      $key.close()
      Write-Host "Weak cipher $insecureCipher has been disabled."
    }
     
    # Enable new secure ciphers.
    # - RC4: It is recommended to disable RC4, but you may lock out WinXP/IE8 if you enforce this. This is a requirement for FIPS 140-2.
    # - 3DES: It is recommended to disable these in near future. This is the last cipher supported by Windows XP.
    # - Windows Vista and before 'Triple DES 168' was named 'Triple DES 168/168' per https://support.microsoft.com/en-us/kb/245030
    $secureCiphers = @(
      'AES 128/128',
      'AES 256/256',
      'Triple DES 168'
    )
    Foreach ($secureCipher in $secureCiphers) {
      $key = (Get-Item HKLM:).OpenSubKey('SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphers', $true).CreateSubKey($secureCipher)
      New-ItemProperty -path "HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphers$secureCipher" -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
      $key.close()
      Write-Host "Strong cipher $secureCipher has been enabled."
    }
     
    # Set hashes configuration.
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELHashes' -Force | Out-Null
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELHashesMD5' -Force | Out-Null
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELHashesMD5' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
     
    $secureHashes = @(
      'SHA',
      'SHA256',
      'SHA384',
      'SHA512'
    )
    Foreach ($secureHash in $secureHashes) {
      $key = (Get-Item HKLM:).OpenSubKey('SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELHashes', $true).CreateSubKey($secureHash)
      New-ItemProperty -path "HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELHashes$secureHash" -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
      $key.close()
      Write-Host "Hash $secureHash has been enabled."
    }
     
    # Set KeyExchangeAlgorithms configuration.
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELKeyExchangeAlgorithms' -Force | Out-Null
    $secureKeyExchangeAlgorithms = @(
      'Diffie-Hellman',
      'ECDH',
      'PKCS'
    )
    Foreach ($secureKeyExchangeAlgorithm in $secureKeyExchangeAlgorithms) {
      $key = (Get-Item HKLM:).OpenSubKey('SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELKeyExchangeAlgorithms', $true).CreateSubKey($secureKeyExchangeAlgorithm)
      New-ItemProperty -path "HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELKeyExchangeAlgorithms$secureKeyExchangeAlgorithm" -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
      $key.close()
      Write-Host "KeyExchangeAlgorithm $secureKeyExchangeAlgorithm has been enabled."
    }
     
    # Set cipher suites order as secure as possible (Enables Perfect Forward Secrecy).
    $os = Get-WmiObject -class Win32_OperatingSystem
    if ([System.Version]$os.Version -lt [System.Version]'10.0') {
      Write-Host 'Use cipher suites order for Windows 2008R2/2012/2012R2.'
      $cipherSuitesOrder = @(
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521',
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384',
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256',
        'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521',
        'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384',
        'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256',
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521',
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384',
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256',
        'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521',
        'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384',
        'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256',
        'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521',
        'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384',
        'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521',
        'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384',
        'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256',
        'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521',
        'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384',
        'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521',
        'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384',
        'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256',
        'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521',
        'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384',
        'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256',
        'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521',
        'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384',
        'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256',
        'TLS_RSA_WITH_AES_256_GCM_SHA384',
        'TLS_RSA_WITH_AES_128_GCM_SHA256',
        'TLS_RSA_WITH_AES_256_CBC_SHA256',
        'TLS_RSA_WITH_AES_128_CBC_SHA256',
        'TLS_RSA_WITH_AES_256_CBC_SHA',
        'TLS_RSA_WITH_AES_128_CBC_SHA',
        'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
      )
    }
    else {
      Write-Host 'Use cipher suites order for Windows 10/2016 and later.'
      $cipherSuitesOrder = @(
        'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
        'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
        'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
        'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
        'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
        'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
        'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
        'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
        'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
        'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
        'TLS_RSA_WITH_AES_256_GCM_SHA384',
        'TLS_RSA_WITH_AES_128_GCM_SHA256',
        'TLS_RSA_WITH_AES_256_CBC_SHA256',
        'TLS_RSA_WITH_AES_128_CBC_SHA256',
        'TLS_RSA_WITH_AES_256_CBC_SHA',
        'TLS_RSA_WITH_AES_128_CBC_SHA',
        'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
      )
    }
    $cipherSuitesAsString = [string]::join(',', $cipherSuitesOrder)
    # One user reported this key does not exists on Windows 2012R2. Cannot repro myself on a brand new Windows 2012R2 core machine. Adding this just to be save.
    New-Item 'HKLM:SOFTWAREPoliciesMicrosoftCryptographyConfigurationSSL0010002' -ErrorAction SilentlyContinue
    New-ItemProperty -path 'HKLM:SOFTWAREPoliciesMicrosoftCryptographyConfigurationSSL0010002' -name 'Functions' -value $cipherSuitesAsString -PropertyType 'String' -Force | Out-Null
     
    Write-Host '--------------------------------------------------------------------------------'
    Write-Host 'NOTE: After the system has been rebooted you can verify your server'
    Write-Host '      configuration at https://www.ssllabs.com/ssltest/'
    Write-Host "--------------------------------------------------------------------------------`n"
     
    Write-Host -ForegroundColor Red 'A computer restart is required to apply settings. Restart computer now?'
    Restart-Computer -Force -Confirm

    2.2 iisresetssltoweakdefaults

    # Copyright 2016, Alexander Hass
    # http://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12
    #
    # Version 1.0
    # - Rollback script created.
     
    Write-Host 'Reset IIS to weak and insecure SSL defaults...'
    Write-Host '--------------------------------------------------------------------------------'
    
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphers' -Force
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCipherSuites' -Force
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELHashes' -Force
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELKeyExchangeAlgorithms' -Force
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols' -Force
    
    New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Client' -Force
    New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Client' -name DisabledByDefault -value 1 -PropertyType 'DWord'
    
    New-Item 'HKLM:SOFTWAREPoliciesMicrosoftCryptographyConfigurationSSL0010002' -Force
    
    Restart-Computer -Force
     

    3.最后配置IIS站点,添加ssl自签名证书,站点绑定https,并选择刚添加的自签名证书即可。

    4.全程无需给服务器安装证书服务,ios客户端证书校验时默认全部通过即可,如果对安全要求严格的客户端可导入证书做校验。

  • 相关阅读:
    地址栏访问Action,后来方法执行两次
    转:Android中的Selector的用法
    转:android 自定义RadioButton样式
    Android中@id与@+id区别
    INSTALL_PARSE_FAILED_MANIFEST_MALFORMED 错误
    Supervisor
    mysql 赋予权限连接
    定时任务
    git 提交代码五部曲
    Mysql 之事物
  • 原文地址:https://www.cnblogs.com/huzhenchao/p/6212241.html
Copyright © 2011-2022 走看看