Server 2012 IIS7 Create an SSL Certificate Request and Install a Certificate into a Website

Written by Allen White on. Posted in Server 2008, Server 2012

If you run a website in iis7 on server 2012 and it is secure using http s (port 443) then you may be familiar with the screen below warning that the security certificate is invalid.

there is a problem with the websites security certificate

This is because you do not have the correct SSL cert installed and configured in IIS7. In this guide we will do the following.

    1. Create a certificate request in iis7
    2. Get a certificate from a CA such as GoDaddy as seen from the image belowgo daddy ssl
  1. Answer the certificate request in iis7 with the certificate we have purchased.

Create a Standard or Wildcard certificate request in iis7

We first nee to launch the IIS Manager, once in select the name of your server. On the right hand mmc you will see a “Server Certificates” screen, double click it. Now on the far right hand side we see the option to create a new certificate request. Select it.

create certificate request iis7

We now create the request. The common name is the name of the website you will be hitting ( you will need an A record from your isp point to the ip address of your firewall then a port 80 redirect if you want to hit this website from external ) for example or Then fill in all the personal details it asks for..

You can also create a wildcard certificate request in iis7, a wildcard certificate enables you to protect and host any amount of sub domains wit your certificate. In this guide we just protect a single domain ( a wildcard certificate would be configured as below.

If you configure IIS7 like this – *, you can secure, etc.

If you configure IIS7 like this *, you can secure, etc.

Check out more information on GoDaddy.

Now lets create a standard certificate request.

iis7 distinguished names

Set the bit length t0 2048 and click next.

iis7 cryptographic

Then simply give the iis7 certificate request a name and save it somewhere with easy access so you can upload to your chosen CA, I recommend GoDaddy.

Get a certificate from a CA

Now you need to actually purchase your certificate, I normally use GoDaddy. simply go to them, select how long you would like to own the certificate for then once logged in select Third Party or Dedicated Server ,and then enter the certificate signing request (CSR) in the field provided. They normally cost around $20 or £14. You can either upload the certificate request we created or if you open the certificate request we created in notepad you can copy and paste the contents into the screen

certificate contents

Once purchased it should be issued to you withing an hour and you will be able to download it.

Answer The Certificate Request in IIS7 With The Certificate We Have Purchased

We now need to answer the request with our certificate and assign it to your website. Again select your server name and then server certificates and finally select Complete Certificate Request. Simply browse to where you saved your downloaded certificate, give it a name you will recognize then apply and finish.

iis7 answer certificate request

We now need to bind this certificate to your website in IIS7. In the left hand MMC select your website, then on the far right hand side select “bindings”. Then select your website and select edit.

iis7 bind certificate to website

Finally make sure your website is set to HTTPS and uses port 443. Under the SSL certificate  option select the certificate you have purchased. This is no complete. This method is fine for accessing the website  internally and externally. Remember if you want to access the website external contact your isp and ask them to create an A record that is the same as your website name. They will then point the A record to your firewall which will in turn need a rule creating the sends port 80 and 443 traffic your your web server.

select certificate for iis7 website

For further reading You can also create a cert request in powershell

Allen White
Allen is a Consultant for ITPS in the North East of England and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5 and HP ASE, AIS - Network Infrastructure.

ITPS provides strategic IT consultancy, implementation, data centre provision and unified communications, as well as support services and workspace and disaster recovery. If you require a consultation then please contact me via the contacts section or direct on 07931222991, add me on linkedin.


Leave a comment


(c) Please be aware, all information is provided freely, any information used is done so at your risk and Techieshelp will not be held responsible for any issue that may occur.
!-- BuySellAds On-Site Shopping Cart -->