How To Install SSL Certificate on Windows IIS Server
An SSL (Secure Sockets Layer) certificate is an indispensable digital safeguard for secure internet interactions. In This article you will learn how to install SSL Certificate in Internet Information Services (IIS) in a best way. It operates on two main fronts:
Encrypting Data: At its heart, an SSL certificate encrypts the communication channel between your web browser and the server. This encryption turns any information exchanged online—be it financial transactions, log-in details, or personal data—into a coded message that is indecipherable to unauthorized interceptors. This layer of security is crucial for protecting your private information from cyber threats.
Validating Websites: SSL certificates also play a vital role in verifying the authenticity of websites. They function as a digital verification card, issued by a reputable Certificate Authority (CA), to confirm that the website you’re interacting with is legitimate and not a fraudulent scheme designed to deceive you. This verification helps in preventing identity theft and other forms of cyber fraud.
Building Trust: A website equipped with an SSL certificate will often be marked with visual indicators such as a padlock icon or a green address bar in your web browser. These symbols serve as reassurances that your connection is secure, making it safe for you to enter sensitive information. They are key to fostering a sense of security and trustworthiness among users.
install SSL Certificate on Windows IIS Server
Generating a CSR with IIS 10 on Windows Server
To begin, navigate to your Windows start menu and enter “Internet Information Services (IIS) Manager” in the search bar, then launch the application.
Within the Internet Information Services (IIS) Manager, look towards the Connections menu tree on the left side of the screen. Here, you’ll need to find and select your server’s name.
Once you’re on the homepage for your server’s name (found in the center pane), head over to the IIS segment and give a double-click on “Server Certificates.”
Next, on the “Server Certificates” screen (still in the center pane), turn your attention to the Actions menu located on the right. Here, you’ll want to select the “Create Certificate Request…” option.
On the Distinguished Name Properties screen of the Request Certificate wizard, you’re asked to enter various details. Here’s what you’ll need to provide before clicking “Next”:
– Common Name: Enter the complete domain name you’re securing with this certificate, such as “www.yoursite.com”.
– Organization: Input the official registered name of your business, like “MyBusiness, LLC”.
– Organizational Unit: Specify your department within the company. Common choices include “IT,” “Web Security,” or you might leave it empty.
– City/Locality: Enter the city where your business is officially based.
– State/Province: Fill in the state or province where your business is registered.
– Country: From the provided drop-down menu, choose the country where your business is legally established.
When you arrive at the Cryptographic Service Provider Properties page, follow these instructions:
– Cryptographic Service Provider: From the provided drop-down menu, choose “Microsoft RSA SChannel Cryptographic Provider,” unless there’s another cryptographic provider you’re specifically required to use.
– Bit Length: Use the drop-down menu to select a bit length of 2048. You might choose a larger bit length if you have a particular need for it, but 2048 is generally recommended for most cases.
After filling in these details, proceed by clicking “Next.”
On the File Name step, you’ll see a section asking you to “Specify a file name for the certificate request.” Click on the “…” button to open a window where you can navigate to the folder where you wish to save your CSR.
Important: Make sure to note both the file name you assign and the specific folder you save the csr.txt file in. If you type in a file name without selecting a save location, your CSR will automatically be saved in the C:\Windows\System32 directory.
After completing the previous steps, click on the “Finish” button.
Next, open the file using a basic text editor like Notepad. Make sure to copy all the text, starting from the “—–BEGIN NEW CERTIFICATE REQUEST—–” line and ending with the “—–END NEW CERTIFICATE REQUEST—–“ line. This entire block of text is what you’ll need to paste into the order form on the DigiCert website.
Setting Up Your SSL Certificate on IIS 10 with Windows Server 2016
Before moving forward, ensure you’ve generated a CSR and have your SSL certificate ready, following the guide “IIS 10: How to Create Your CSR on Windows Server 2016.”
Once your SSL certificate has been validated and issued, it’s time to install it on the Windows Server 2016 where you initially generated the CSR. This process involves not only installation but also configuring your server to utilize the new certificate.
For a Single Certificate: Steps to Install and Activate Your SSL Certificate
For Multiple Certificates: Utilizing SNI for SSL Certificate Installation and Configuration
Installing and Configuring a Single SSL Certificate:
– Locate the .cer file (for example, your_domain_com.cer) that you received from DigiCert and save it on the server where the CSR was created.
– Open the Windows start menu, search for Internet Information Services (IIS) Manager, and open it.
– Within the Internet Information Services (IIS) Manager, use the Connections menu on the left to find and
select your server’s name.
After selecting your server name within IIS Manager, proceed by navigating to the IIS section found on the server’s main dashboard (the center pane), and then double-tap on “Server Certificates.”
Next, within the “Server Certificates” window (again in the center pane), look to the “Actions” menu positioned on the right side. Here, you will find and need to click on the “Complete Certificate Request…” option.
During the last stage of the SSL certificate installation, within the “Complete Certificate Request” wizard, you’ll arrive at the “Specify Certificate Authority Response” section. Here’s what to do next:
– Locating Your Certificate File: Click the “…” button to open a file browser. Navigate to and select the .cer file (for instance, your_domain_com.cer) that you’ve received from DigiCert.
– Assigning a Friendly Name: Enter a descriptive name for your certificate. This name isn’t included in the certificate itself but is used for easier identification within your system. It’s a good practice to include “DigiCert” along with the certificate’s expiration date in this name (e.g., yoursite-digicert-expiration date). This strategy helps in quickly identifying the certificate’s issuer and its validity period, especially when managing multiple certificates for the same domain.
– Choosing a Certificate Store: From the available options in the drop-down menu, choose “Web Hosting” as the location to store the newly installed certificate.
After completing these steps, proceed by clicking “OK” to finalize the certificate installation process.
Open Internet Information Services (IIS) Manager and look to the Connections menu on the left-hand side. Begin by expanding the server’s name where your SSL certificate has been set up.
Next, unfold the “Sites” section and select the particular site you intend to secure with your newly installed SSL certificate.
Once you’ve navigated to your selected website’s main page, direct your attention to the Actions menu found on the right side. Here, under the “Edit Site” section, you’ll want to select the “Bindings…” option.
After entering the Site Bindings dialog, proceed by clicking on “Add” to initiate the process.
In the “Add Site Bindings” interface, you’ll need to adjust a few settings before finalizing:
Type: From the drop-down menu, choose “https” to ensure your site communicates securely.
IP Address: Select the specific IP address of your site if it has one. Alternatively, you can choose “All Unassigned” if the site doesn’t have a dedicated IP address.
Port: Enter “443” in this field. This is the standard port used for secure communications over SSL.
SSL Certificate: Look for and select the SSL certificate you’ve just installed, identified by your domain name (for example, yourdomain.com).
After setting these parameters, click “OK” to apply the changes.
Your SSL certificate is now installed, and the website configured to accept secure connections.