Tech Thursday: How to Install an SSL Certificate in IIS

Tech Thursday: How to Install an SSL Certificate in IIS

Once you have a security certificate configured for Exchange, it’s time to start looking at other places where you need to install a cert. Internet Information Services (IIS) is used by many businesses to host Intranet apps and external web pages. This guide will show you how to request and install a certificate in IIS versions 7 through 10, for Windows Server 2008 to 2016.

Create a Certificate Request

First, you’ll need to create the Certificate Signing Request. This can then be sent to a Certificate Authority to create a signed, trusted certificate.

Open IIS Manager, then click the server name in the left-hand pane. Double click the Server Certificates icon. This will open the Server Certificates page.

In the right-hand Actions pane, click “Create Certificate Request…” This will open the Request Certificate wizard.

You’ll be prompted to enter “Distinguished Name Information”. This is where you enter the details of the certificate and your company -- who the cert will be issued to.

The Common Name needs to match exactly the URL of the website that the cert will protect, for example, www.yourcompany.com. Enter the name of your company in the Organization field, and the location of your company in the other fields. The organizational unit usually isn’t important, and can be left blank. Click Next.

Choose Microsoft RSA SChannel Cryptographic Provider, and then choose a bit length for the key. You may need to check with your CA to find out what bit length options they offer -- however 2048 should be the minimum.

Click Next again, and then choose a location to save the certificate signing request. Click Finish.

Once you have the CSR, send that to your certificate authority so that they can generate the certificate for you.

Install the SSL Certificate in IIS

Once you have received the certificate from the CA, you’ll need to install it and configure IIS to use it for SSL requests.

Return to the Server Certificates page in IIS Manager. In the Actions pane, choose “Complete Certificate Request…” This will open the Complete Certificate Request wizard.

In the File name containing the certificate authority’s response box, browse to the certificate file that the CA sent you. Then, give the certificate a friendly name. This should be something that will help you distinguish between multiple certificates -- we recommend including the issuer (CA) and the expiration date in this name. Then, in the Select a certificate store dropdown, choose “Web Hosting”. Finally, click OK.

Configure IIS to Use the SSL Certificate

Next, we need to configure IIS to listen for SSL requests using the new certificate. In IIS manager, in the left-hand Connection pane, expand the server name, and then expand Sites. Click Default Web Site. In the right-hand Actions pane, click Bindings.

This will open the Site Bindings window. Click the Add button. For Type, choose https, and choose All Unassigned for IP address. Enter 443 in the Port field.

Finally, in the SSL Certificate dropdown, choose the name of the certificate that you just installed.

Once that’s done, your website should now be available over HTTPS. Browse to it and verify that it is marked as secure and presenting the certificate you installed.

 

E-N Computers is here to help you with all of your IT needs. Contact us today to find out how we can help you to keep your critical business apps secure from the latest threats.