Настройка шифрования SSL
Secure Sockets Layer (SSL) is the most widely used method for transmitting encrypted data over the Internet. SSL uses public key cryptography to generate and exchange a secret key referred to as the session key. The smart device and Microsoft Internet Information Services (IIS) use the session key to encrypt and decrypt the data they send to one another.
Replication and remote data access (RDA) do not require encryption, but there are circumstances when you might want to use it. For more information, see Разработка системы безопасности сервера.
Microsoft Windows CE maintains a database of trusted Certificate Authorities (CA). When a secure connection is tried, Windows CE extracts the root certificate from the certification chain and checks it against the Certification Authority database. If you issue an IIS server certificate by using your own stand-alone CA, this root certificate is not present in the Windows CE Certification Authority database. Therefore, Windows CE does not trust this IIS server certificate. If you want to use server certificates that you issue yourself, you must either certify your stand-alone CA through one of the trusted certificate authorities or add your stand-alone CA root certificate to the Windows CE Certification Authority database.
The SSL features in IIS cannot be used until you obtain and assign a server certificate to the computer that is running IIS.
SSL Configuration Process
Configuring SSL encryption is a multistep process that involves the following:
- Requesting a server certificate for the computer that is running IIS. If the IIS server already has a server certificate, you can go to step 4.
- Obtaining a server certificate from a certification authority. For more information about obtaining server certificates, see Windows online Help.
- Installing the newly issued server certificate into IIS.
- Enabling SSL encryption.
- Updating the database of trusted Certification Authority on each smart device so it can recognize the server certificate as authentic.
См. также
Основные понятия
Настройка ограничений IP-адресов и имен доменов
Настройка аудита безопасности сервера IIS