2.2 iisresetssltoweakdefaults
# Copyright 2016, Alexander Hass # http://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12 # # Version 1.0 # - Rollback script created. Write-Host 'Reset IIS to weak and insecure SSL defaults...' Write-Host '--------------------------------------------------------------------------------' New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphers' -Force New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCipherSuites' -Force New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELHashes' -Force New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELKeyExchangeAlgorithms' -Force New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols' -Force New-Item 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Client' -Force New-ItemProperty -path 'HKLM:SYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Client' -name DisabledByDefault -value 1 -PropertyType 'DWord' New-Item 'HKLM:SOFTWAREPoliciesMicrosoftCryptographyConfigurationSSL�0010002' -Force Restart-Computer -Force
3.最后配置IIS站点,添加ssl自签名证书,站点绑定https,并选择刚添加的自签名证书即可。
4.全称无需给服务器安装证书服务,ios客户端证书校验时默认全部通过即可,如果对安全要求严格的客户端可导入证书做校验。
