[Learning Windows / Notes] Publishing an SSL-secured web site with TMG in a three-leg perimeter topology
2013-11-11 22:23
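Environment: one win2008-1 machine acting as web and CA server, one 2008-2 machine acting as TMG server, and one XP machine used for verification from the external network.
Preparation: put win2008-1 on vmnet2 (192.168.9.222) with gateway 192.168.9.111.
win2008-2 is attached to vmnet1, vmnet2 (192.168.9.111) and vmnet3 (1.1.1.1).
Here vmnet1 is the internal network, vmnet2 is the DMZ, and vmnet3 is the Internet.
Install IIS and the CA on win2008-1 (the web server). Note: install the web service first, then the CA. win2008-2 is the TMG server.
Key screenshots:
The installation of the web server and the CA is skipped here.
Note: this lab builds on the previous site-publishing lab, so it is not very detailed. Mainly the key security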
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/6d0825f3860584f1a45d09a1873fa86c.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/f626d0a049b83548d1da714e9d26512e.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/f8a20442a11066ee036b3f7aac3585e7.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/a9ef92b0a2055f6cf37b04067e0c4abc.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/e6416938421158989bfa4864090789ce.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/faf9716db2715671afbedd04e2846881.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/eca1ac52d9537c2c122abc80036a103c.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/847bdd9bbbc4266eae190be73b0da0ba.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/edf088aee8f055193604314d58ff2f02.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/9c7517d1b9fae941eebc299b5af49ed9.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/8276532f839f2a2b41863d50a50652d2.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/f9f7aa6f1bfc3eff1fb9941a0c88b251.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/43aa2102eba2228a0754f8e00b6ef7b3.png)
For the common name here, enter the public FQDN.
The location specified next is where the encoded file used later is saved.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/5f2acf35a7ddfe579921006b2060be15.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/efcfc630ab2d97cdbee52eade127f904.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/99154129e970369f77bc9331f89922e3.png)
Open the Microsoft Management Console (MMC).
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/ba9d3592f56766e93f0a00026bf4e32c.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/df09d670e26b3385c05afda4451908da.png)
Add the Certificates snap-in.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/a19752c765a13cd09b1b2a7c47cef534.png)
Export the user certificate and place it on the TMG server.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/c96a20546a54af3b2e4e6419088b1336.png)
Export the private key.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/93e01d09b58a19794add5d67615c16ca.png)
Set a password; it is needed when importing.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/75dc28ae3e294493ce24eb570ae8aed8.png)
On the TMG server, likewise open the MMC, add the Certificates snap-in, and place the exported certificate file on the server.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/d48ea4ad2733bfb8b70b76c7c7eafac2.png)
Import the personal certificate.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/1e8945509dd3f7e6251eb2e48c364079.png)
The CA is not trusted, so the certificate is unusable; the CA certificate must be imported as well.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/a31e69c1fd039d5a5f7994628a049bce.png)
It cannot be copied over; it can be obtained from the web site instead. Make sure the access policy is in place.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/7411b5196a7217ddc173091c7eb2eaed.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/d1e6d9a22ea560971a9d5134427c119e.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/eee7149a0a57cc5a0d3f813757e346d2.png)
Then simply import it.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/382fa939f72238914d4c7212b01c48f5.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/a444fb6198e269ddc13ae750cf9cdb28.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/0f9afc5ead4a8503f6934130676af51e.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/6488c8cc26004fc9b23e27a483d45367.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/802c407a1586e96ebda0f7e282d6bd15.png)
Do not forget to add the binding to the web site.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201311/5e983ed4f22ec34695ce3ddae0ed62c1.png)
Verification complete.
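The state the steps above aim for (server certificate present on the TMG server with its private key, and the issuing CA trusted) can be checked from PowerShell on the TMG server. This is an added example, not part of the original post; it assumes the certificate was imported into the local computer's Personal store, and `www.example.com` is a placeholder for the public FQDN entered as the common name.

```powershell
# Added example. $PublicFqdn is a placeholder; use the common name from the request.
$PublicFqdn = 'www.example.com'

# Read the local computer's Personal (My) store; assumed import location.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
try {
    # SimpleName resolves to the subject's common name for a typical server certificate.
    $certs = @($store.Certificates |
        Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $PublicFqdn })
} finally {
    $store.Close()
}

if ($certs.Count -eq 0) {
    Write-Warning "No certificate with common name '$PublicFqdn' in LocalMachine\My."
}

foreach ($cert in $certs) {
    # Build the chain in machine context, the context a service on this host uses.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $trusted = $chain.Build($cert)

    # UntrustedRoot or PartialChain here means the CA certificate has not been
    # imported into the trusted root store. Revocation-related statuses mean the
    # CA's CRL could not be reached or checked from this host.
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey   # False: exported without the private key
        ChainTrusted  = $trusted
        ChainStatus   = $status
    } | Format-List
}
```

A certificate that shows `HasPrivateKey : False` was exported without the private key and has to be exported again with it before it can serve HTTPS.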