In my previous blog, I wrote about Install, Configure and Run IIS on Windows 2016. In this blog, I will write about SSL certificate related settings.
Please be aware that you need to own a domain name in order to do the procedure below.
- Create Certificate Sign Request (CSR) from IIS.
- Apply SSL Certificate from sslforfree.
- Complete CSR on IIS.
- Bind https on website
- Get IIS up and running with HTTS
- Export .pfx file from IIS
Let’s get started
Generating CSR from IIS
Click Server Certificates under IIS Server main page.
Click Create Certificate Request.
Filling your info to generate CSR. NOTE that in the Common name field, fill in the domain name you will be using for SSL.
Usually we pick 1024, 2048, 4096 for encryption strength.
Choose a location to save your CSR file and that’s it.
Content of CSR.
Apply SSL from sslforfree
sslforfree is a service where you can apply for SSL certificate for free. You can upgrade to obtain more features. In this blog, free account is enough.
Please note that you need to register an account to apply for SSL certificate.
Login to your account, click New Certificate.
Input your full domain name, for example, www.yourname.com OR hello.mydomain.com.
Choose basic option, which means you need to renew your SSL every 90 days manually.
Paste the CSR content, including the beginning and ending line.
For an free account, you can have 3 certificates the most.
The last step is prove that you owned the domain name as you applied for. There are couple ways to validate your domain name, pick whichever you feel most comfortable.
Follow the instruction to validate your domain name, then click Verify Domain.
Once verified, you can download your SSL certificate.
Un-zip the downloaded folder and you will see two .crt files.
Complete CSR on IIS.
Now we need to complete the CSR on IIS. Click Complete Certificate Request on the right menu of IIS server.
Select the certificate.crt file and give it a name.
And there you go, you have successfully install your SSL certificate to your IIS server.
Bind https on website
Once we have our SSL certificate ready, we configure IIS to listen on HTTPS next.
- Click Default Web Site or whichever your web site is.
- Click Bindings to bind https to web site.
- Only HTTP exists currently, click Add.
- Choose HTTPS.
- Input exactly the same name as you applied for SSL certificate.
- Select the inputed SSL certificate, click OK.
Once finished, you will see https appear under Browse Website.
Get IIS up and running with HTTS
The last step is to verify that IIS cloud really run on HTTPS. You can configure your domain name appointing to the IP of the server or use Windows hosts file for simplicity. I will use the latter.
Add a record to your Windows hosts file located at C:\Windows\System32\drivers\etc. Once done, save and exit.
Moment of truth, click or browse to your domain name using HTTPS.
And there you go! We have our IIS running on HTTPS!
Export .pfx file from IIS
Sometimes .pfx file is requested by some services such as Azure application gateway HTTPS. It is quite easy to export .pfx file once IIS is installed with SSL certificate.
Choose installed SSL certificate and click Export.
Choose your location to save the .pfx file.
Input your password for .pfx file and click OK.
And that’t it! You will see your .pfx file at where you chose to be saved!
In my next blog, I will be writing how to enforced HTTPS, stay tuned!