SSL certificates are a crucial component of the modern web, as they are required for secure HTTPS traffic, protecting your users from attackers in the middle sniffing packets. We’ll show how to request and configure them for Microsoft’s IIS web server.
What is an SSL Certificate and What Does it Do?
SSL certificates, which stands for Secure Socket Layer, protect and secure websites all over the world. You can tell when a website has an SSL certificate configured because the URL in the browser shows https:// instead of just http://.
When a website has SSL configured properly, it encrypts the data between the web server that hosts the website and your computer or mobile device. This prevents 3rd parties and hackers from intercepting the data and being able to steal your passwords and credit card information. If a website is taking credit cards or passwords from you, most of the time it will have a secure SSL connection, protecting you and your data.
This guide is for intermediate users who have a medium to strong grasp on technology but need help specifically installing a certificate in IIS (Internet Information Services) on Windows Server. This guide will walk you through the basic steps needed to get your URL secured with SSL and ready to encrypt connections.
Begin by Generating a Certificate Signing Request
The first thing you will need to do is generate a certificate signing request from your web server for your website. To do this, open IIS Manager (Internet Information Services) on your web server and navigate to Server Certificates.
On the right-hand side of IIS, select Create Certificate Request and enter in your company information. Anyone can get SSL for their website, so if you do not have a company name, you can just use your legal name or entity. This information is needed to register the website with the SSL authority to try and prevent fraud and false SSL registration.
Please be aware that Common Name should be www.yourdomain.com instead of just yourdomain.com. If the www is not included in this section, you will only be able to secure yourdomain.com and not www.yourdomain.com. If the www is included, you are able to secure both.
Once you have filled out this section, click Next to move on.
On the following page, select your Bit Length for encryption, usually 2048, click Next and save your CSR on your desktop as yourdomain.csr.txt as we will be providing this data to a certificate issuer at the next step, so keep it handy!
Ordering the SSL and Submitting Your CSR to the Certificate Authority
Navigate to your desired certificate authority’s website and begin your SSL order. Many organizations use services like DigiCert, Global Sign, Namecheap, or Verisign to order their certificates and secure their domains. There is also LetsEncrypt, which offers free certificates.
At this point, you will need to provide the contents of the CSR we generated in the last step. You can open this .csr.txt file in Notepad and copy out the CSR data. It will look something like this:
-----BEGIN CERTIFICATE REQUEST----- MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c 1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn 29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2 97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w= -----END CERTIFICATE REQUEST-----
Copy the contents of your CSR to your order form as requested and follow the instructions on your SSL registrar’s form. Once you complete your orde, download the .cer they provide to you and save it to your web server.
You are nearly ready to provide secure connections between visitors and your website!
Installing your SSL Certificate on Your Web Server
On your server, go back to IIS and Server Certificates and select ‘Complete Certificate Request’ on the right hand side of IIS Manager.
Upload the new certificate file you just downloaded from the SSL issuer and keep the friendly name the same as your domain or yourdomain.com-01 for simplicity. You can leave the selected ceritficate store as the Personal store.
Binding your SSL Certificate to Your Website
Now that you have you installed your SSL certificate to your sever, you must bind it to your website in order for it to take effect.
To bind it to a website, navigate to your website in IIS and select bindings on the right hand side.
You will need to add a new binding for Type: https, select your SSL certificate from the drop down which you labeled yourdomain.com or yourdomain.com-01. ‘
For hostname you will want to make it yourdomain.com. After you create this binding you will want to create a second binding for www.yourdomain.com as well so that both versions www and non-www versions of the URL are encrypted.
Select OK and your binding should take effect. Now if you want to access your website securely you can go to https://yourdomain.com to see if the SSL is installed correctly.
Testing Your Certificates and Making Sure You’re Secure
To make sure SSL is loading correctly for all users, go to an SSL Checker website like https://www.sslshopper.com/ssl-checker.html and enter your domain in the form field as https://yourdomain.com. If it works correctly, it will show you all green checks, otherwise it will tell you exactly what is wrong.
If only some of the content is appearing encrypted, you will need to update the URLs for things like images and scripts in your website’s code to have the htttps:// URL instead of http://.
Try testing both www and non-www versions of your site for errors.
To force your website to load the secure URL (https) instead of http, you will need to create a redirect rule forcing http to redirect to https for this website.
You are now encrypting sensitive data between your users and your website! This makes your website more credible and safer for everyone on the internet. Thanks for doing your part!