If you run a website in IIS7 on Server 2012 and it is secured using HTTPS (port 443), then you may be familiar with the screen warning that the security certificate is invalid.
This is because you do not have the correct SSL cert installed and configured in IIS7. In this guide we will do the following.
- Create a certificate request in IIS7
- Get a certificate from a CA such as GoDaddy
- Answer the certificate request in IIS7 with the certificate we have purchased.
Create a Standard or Wildcard Certificate Request in IIS7
We first need to launch the IIS Manager. Once in, select the name of your server. In the right hand MMC pane you will see a “Server Certificates” icon; double click it. Now on the far right hand side we see the option to create a new certificate request. Select it.
We now create the request. The common name is the name of the website you will be hitting, for example www.yourdomain.com or www.intranet.yourdomain.com. (If you want to hit this website from external, you will need an A record from your ISP pointing to the IP address of your firewall, then a port 80 redirect.) Then fill in all the personal details it asks for.
You can also create a wildcard certificate request in IIS7. A wildcard certificate enables you to protect and host any number of subdomains with your certificate. In this guide we just protect a single domain (intranet.techieshelp.com). A wildcard certificate would be configured as below.
If you configure IIS7 like this – *.techieshelp.com, you can secure
If you configure IIS7 like this *.www.techieshelp.com, you can secure
Check out more information on GoDaddy.
Now let's create a standard certificate request.
Set the bit length to 2048 and click next.
Then simply give the IIS7 certificate request a name and save it somewhere with easy access so you can upload it to your chosen CA. I recommend GoDaddy.
Get a certificate from a CA
Now you need to actually purchase your certificate. I normally use GoDaddy. Simply go to them and select how long you would like to own the certificate for. Then, once logged in, select Third Party or Dedicated Server and enter the certificate signing request (CSR) in the field provided. They normally cost around $20 or £14. You can either upload the certificate request we created, or open it in Notepad and copy and paste the contents into the screen.
Once purchased, it should be issued to you within an hour and you will be able to download it.
Answer The Certificate Request in IIS7 With The Certificate We Have Purchased
We now need to answer the request with our certificate and assign it to your website. Again select your server name, then Server Certificates, and finally select Complete Certificate Request. Simply browse to where you saved your downloaded certificate, give it a name you will recognize, then apply and finish.
We now need to bind this certificate to your website in IIS7. In the left hand MMC pane select your website, then on the far right hand side select “Bindings”. Then select your website and select Edit.
Finally, make sure your website is set to HTTPS and uses port 443. Under the SSL certificate option select the certificate you have purchased. This is now complete. This method is fine for accessing the website internally and externally. Remember, if you want to access the website externally, contact your ISP and ask them to create an A record that is the same as your website name. They will then point the A record to your firewall, which will in turn need a rule creating that sends port 80 and 443 traffic to your web server.
For further reading: you can also create a cert request in PowerShell.
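As an added example (not part of the original guide), the same 2048-bit request can be produced from a PowerShell prompt with the built-in certreq.exe tool and checked before it is sent to the CA. The output folder and the organisation fields in the Subject line are assumed placeholder values.

```powershell
# Added example: create the 2048-bit certificate request with certreq.exe.
# Assumed values: $OutDir and the O/L/S/C fields in Subject are placeholders.
$CommonName = 'intranet.techieshelp.com'  # use '*.techieshelp.com' for a wildcard
$OutDir     = 'C:\certs'
$Inf        = Join-Path $OutDir 'request.inf'
$Csr        = Join-Path $OutDir 'request.csr'

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Exportable = FALSE keeps the private key non-exportable on this server.
# MachineKeySet = TRUE stores the key in the machine store, where IIS looks for it.
# Single-quoted here-string so that "$Windows NT$" is not expanded as a variable.
$template = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN={CN}, O=Example Ltd, L=London, S=London, C=GB"
KeyLength = 2048
KeySpec = 1
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
HashAlgorithm = SHA256
'@
$template.Replace('{CN}', $CommonName) | Set-Content -Path $Inf -Encoding ASCII

# Generate the key pair in the machine store and write the request file.
certreq.exe -new $Inf $Csr
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Sanity-check the file before pasting it into the CA's form.
$first = Get-Content -Path $Csr -TotalCount 1
if ($first -ne '-----BEGIN NEW CERTIFICATE REQUEST-----') {
    throw "Unexpected request file header: $first"
}

# Show the decoded request so the common name and key length can be reviewed.
certutil.exe -dump $Csr
```

The private key is generated on this server and is not contained in the request file, so the issued certificate has to be completed on the same server that created the request.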