IIS SSL Certificates - jamesperrin/developer-training-resources GitHub Wiki

Table of Contents

Generating SSL Certificate Signing Request (CSR)

  1. Login into the Windows Server.
  2. Click on the Windows Start Menu button.
  3. Scroll down and click on Windows Administration Tools to expand.
  4. Select and Open Internet Information Services (IIS) Manager
  5. In the left menu, under Connections, click on the server's name.
  6. In the displayed Features View, under the IIS section, double-click on Server Certificates.
  7. In the right menu, under Actions, click on Create Certificate Request.
  8. Provide the following information for the Distinguished Name Properties.
    1. Common name: www.example.com
    2. Organization: Your Company, Inc
    3. Organization Unit: IT
    4. City/Locality: Seattle
    5. State/Province: WA
    6. Country/Region: US
  9. Click Next
  10. Update the information for the Cryptograhic Service Provider Properties
    1. Cryptographic service provider: Microsoft RSA SChannel Cryptographic Provider
    2. Bit length: 2048
  11. Click Next
  12. Save the CSR to a file.
    1. Click on the Ellipsis icon [...].
    2. Select a location to save the CSR file.
      • Example: E:\certs
    3. For file name: www.example.com_YYYYMMDD.txt
  13. Click Finish

Installing SSL Certificate

  1. Login into the Windows Server.
  2. Navigate to a working folder location.
    • Example: E:\certs
  3. Create and Open a file called www.example.com_YYYYMMDD.cer
  4. Paste in the contents from a Base64 encoded X.509 digital certificate .cer file into the file www.example.com_YYYYMMDD.cer.
  5. Save and close the file www.example.com_YYYYMMDD.cer.
  6. Click on the Windows Start Menu button.
  7. Scroll down to Windows Administration Tools, expand Windows Administration Tools
  8. Select Internet Information Services (IIS) Manager
  9. In the left menu, under Connections, click on the server's name.
  10. In the displayed Features View, under the IIS section, double-click on Server Certificates.
  11. In the right menu, under Actions, click on Complete Certificate Request.
    1. The Specify Certificate Authority Response dialogue will be displayed.
      1. File name containing the certification authority's response:
        1. Click on the Ellipsis icon [...].
          1. Navigate to the location of the new CER file.
          2. Select the new CER file. E:\certs\www.example.com_YYYYMMDD.cer
          3. Click Open.
      2. Friendly name: www.example.com_YYYYMMDD
      3. Select a certificate store for the new certificate: Personal
      4. Click OK
  12. In the left menu, under Connections, click on Sites
  13. In the listed Features View, click on Default Web Site.
  14. In the right menu, under Actions, click on Bindings.
  15. The Site Bindings dialogue will be displayed.
    1. Click on the https type.
      1. If adding a new SSL Certificate
        1. Click Add
        2. Click on the Type DropDownList
        3. Select HTTPS
        4. Click on the SSL Certificate DropDownList
          1. Select the desired SSL certificate
          2. Click OK
      2. If updating a SSL Certificate
        1. Click Edit
        2. Click on the SSL Certificate DropDownList
          1. Select the desired SSL certificate
          2. Click OK
    2. Click Close
⚠️ **GitHub.com Fallback** ⚠️