Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Yst@IT
5 min readMar 21, 2021

--

In my previous blog, I wrote about Install, Configure and Run IIS on Windows 2016. In this blog, I will write about SSL certificate related settings.

Please be aware that you need to own a domain name in order to do the procedure below.

Steps:

  1. Create Certificate Sign Request (CSR) from IIS.
  2. Apply SSL Certificate from sslforfree.
  3. Complete CSR on IIS.
  4. Bind https on website
  5. Get IIS up and running with HTTS
  6. Export .pfx file from IIS

Let’s get started

Generating CSR from IIS

Click Server Certificates under IIS Server main page.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Click Create Certificate Request.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Filling your info to generate CSR. NOTE that in the Common name field, fill in the domain name you will be using for SSL.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Usually we pick 1024, 2048, 4096 for encryption strength.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Choose a location to save your CSR file and that’s it.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Content of CSR.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Apply SSL from sslforfree

sslforfree is a service where you can apply for SSL certificate for free. You can upgrade to obtain more features. In this blog, free account is enough.

Please note that you need to register an account to apply for SSL certificate.

Login to your account, click New Certificate.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Input your full domain name, for example, www.yourname.com OR hello.mydomain.com.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Choose basic option, which means you need to renew your SSL every 90 days manually.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Paste the CSR content, including the beginning and ending line.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

For an free account, you can have 3 certificates the most.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

The last step is prove that you owned the domain name as you applied for. There are couple ways to validate your domain name, pick whichever you feel most comfortable.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Follow the instruction to validate your domain name, then click Verify Domain.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Once verified, you can download your SSL certificate.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Un-zip the downloaded folder and you will see two .crt files.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Complete CSR on IIS.

Now we need to complete the CSR on IIS. Click Complete Certificate Request on the right menu of IIS server.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Select the certificate.crt file and give it a name.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS
Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

And there you go, you have successfully install your SSL certificate to your IIS server.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Bind https on website

Once we have our SSL certificate ready, we configure IIS to listen on HTTPS next.

  1. Click Default Web Site or whichever your web site is.
  2. Click Bindings to bind https to web site.
  3. Only HTTP exists currently, click Add.
  4. Choose HTTPS.
  5. Input exactly the same name as you applied for SSL certificate.
  6. Select the inputed SSL certificate, click OK.
Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Once finished, you will see https appear under Browse Website.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Get IIS up and running with HTTS

The last step is to verify that IIS cloud really run on HTTPS. You can configure your domain name appointing to the IP of the server or use Windows hosts file for simplicity. I will use the latter.

Add a record to your Windows hosts file located at C:\Windows\System32\drivers\etc. Once done, save and exit.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Moment of truth, click or browse to your domain name using HTTPS.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

And there you go! We have our IIS running on HTTPS!

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Export .pfx file from IIS

Sometimes .pfx file is requested by some services such as Azure application gateway HTTPS. It is quite easy to export .pfx file once IIS is installed with SSL certificate.

Choose installed SSL certificate and click Export.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Choose your location to save the .pfx file.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

Input your password for .pfx file and click OK.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

And that’t it! You will see your .pfx file at where you chose to be saved!

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTS

In my next blog, I will be writing how to enforced HTTPS, stay tuned!

--

--

Yst@IT
Yst@IT

Written by Yst@IT

Cloud Solution Architect, focusing on Oracle Cloud Infrastructure currently.