我已经为我的网站申请了一个免费证书,并在证书库中成功安装了该证书。并且CN和我的域一样(发给mydomain)。
我还设置了站点绑定(bind)并使用免费证书添加了 https 绑定(bind)。
端口 443 对入站和出站均开放。
Windows 网络故障排除检测到资源(我的域)在线但未响应连接尝试。
但我仍然收到来自浏览器的ERR_CONNECTION_TIMED_OUT错误。
我是否遗漏了任何步骤?如何在 IIS 中启用 https?
2018 年 11 月 14 日更新
我已经使用@Lex Li 建议的JexusManager 运行了绑定(bind)诊断和 SSL 诊断,并获得了如下更多信息:
绑定(bind)诊断:
BINDING: https *:443:whatever.com
This site can take external traffic if,
TCP port 443 must be opened on Windows Firewall (or any other equivalent products).
Requests from web browsers must be routed to following end points on this machine,
- [::1]:443.
- My.private.IP.address:443.
This site can take local traffic at 127.0.0.1:443.
This site can take local traffic at [::1]:443.
- Web browsers should use URL https://whatever.com:443. Requests must have Host header of "whatever.com". Start DNS query for whatever.com. DNS Query returns 1 result(s).
- 127.0.0.1
Binding Diagnostics does not verify certificates and other SSL/TLS related settings.
Please run SSL Diagnostics at server level to analyze SSL/TLS configuration.
然后我按如下方式运行 SSL 诊断:
BINDING: https *:443:whatever.com
SSLCertHash: 2962cd5b2b450403bce520169c268de1f17a6216
SSL Flags: None
Testing EndPoint: 127.0.0.1
CertName: whatever.com
Version: 3
You have a private key that corresponds to this certificate.
Signature Algorithm: sha256RSA
Key Exchange Algorithm: RSA-PKCS1-KeyEx Key Size: 2048
Subject: CN=whatever.com
Issuer: CN=TrustAsia TLS RSA CA, OU=Domain Validated SSL, O="TrustAsia
Technologies, Inc.", C=CN
Validity: From 11/11/2018 4:00:00 PM To 11/12/2019 4:00:00 AM
Serial Number: 0B365B8ABC8118CD7F818FD5B7BB485C
DS Mapper Usage: Disabled
Archived: False
Subject Alternative Name: DNS Name=whatever.com DNS Name=www.whatever.com
Key Usage: KeyEncipherment, DigitalSignature
Enhanced Key Usage: Server Authentication (1.3.6.1.5.5.7.3.1),Client
Authentication (1.3.6.1.5.5.7.3.2)
Basic Constraints: Subject Type=End Entity, Path Length Constraint=None
Certificate verified.
而且,我还运行了一个 SLL 检查器,它返回:
whatever.com resolves to My.Public.IP.Address
Server Type: Microsoft-IIS/8.5
No SSL certificates were found on whatever.com. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall.
证书通过了 SSL 诊断,但存在一些问题。我没明白。如何为我的站点启用 https 协议(protocol)?非常感谢!
最佳答案
问题已解决。
正如@John Wu 所说,这不是编程问题,而是网关问题。
首先,证书没有问题,服务器/防火墙设置也没有问题。
问题出在云服务商的网络网关阻塞了443端口出入。就我而言,我使用的是 AliCloud 服务器,它阻止了从公共(public)网络通过 443 端口的所有请求。这就是为什么我只能通过服务器上的浏览器访问 SSL 网站的原因。
解决方法很简单。唯一需要做的就是通知云服务商开放443端口。就我而言,我只是在云服务器的控制面板中添加了 443/443 端口授权,然后一切都修复了。
关于asp.net - 如何在 IIS 中启用 https?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53292302/