Server 2012 IIS7 Create an SSL Certificate Request and Install a Certificate into a Website

Written by Allen White on. Posted in Server 2008, Server 2012

If you run a website in iis7 on server 2012 and it is secure using http s (port 443) then you may be familiar with the screen below warning that the security certificate is invalid.

there is a problem with the websites security certificate

This is because you do not have the correct SSL cert installed and configured in IIS7. In this guide we will do the following.

    1. Create a certificate request in iis7
    2. Get a certificate from a CA such as GoDaddy as seen from the image belowgo daddy ssl
  1. Answer the certificate request in iis7 with the certificate we have purchased.

Create a Standard or Wildcard certificate request in iis7

We first nee to launch the IIS Manager, once in select the name of your server. On the right hand mmc you will see a “Server Certificates” screen, double click it. Now on the far right hand side we see the option to create a new certificate request. Select it.

create certificate request iis7

We now create the request. The common name is the name of the website you will be hitting ( you will need an A record from your isp point to the ip address of your firewall then a port 80 redirect if you want to hit this website from external ) for example www.yourdomain.com or www.intranet.yourdomain.com. Then fill in all the personal details it asks for..

You can also create a wildcard certificate request in iis7, a wildcard certificate enables you to protect and host any amount of sub domains wit your certificate. In this guide we just protect a single domain (intranet.techieshelp.com) a wildcard certificate would be configured as below.

If you configure IIS7 like this – *.techieshelp.com, you can secure
www.techieshelp.com
photos.techieshelp.com
blog.techieshelp.com, etc.

If you configure IIS7 like this *.www.techieshelp.com, you can secure
mail.www.techieshelp.com
photos.www.techieshelp.com
blog.www.techieshelp.com, etc.

Check out more information on GoDaddy.

Now lets create a standard certificate request.

iis7 distinguished names

Set the bit length t0 2048 and click next.

iis7 cryptographic

Then simply give the iis7 certificate request a name and save it somewhere with easy access so you can upload to your chosen CA, I recommend GoDaddy.

Get a certificate from a CA

Now you need to actually purchase your certificate, I normally use GoDaddy. simply go to them, select how long you would like to own the certificate for then once logged in select Third Party or Dedicated Server ,and then enter the certificate signing request (CSR) in the field provided. They normally cost around $20 or £14. You can either upload the certificate request we created or if you open the certificate request we created in notepad you can copy and paste the contents into the screen

certificate contents

Once purchased it should be issued to you withing an hour and you will be able to download it.

Answer The Certificate Request in IIS7 With The Certificate We Have Purchased

We now need to answer the request with our certificate and assign it to your website. Again select your server name and then server certificates and finally select Complete Certificate Request. Simply browse to where you saved your downloaded certificate, give it a name you will recognize then apply and finish.

iis7 answer certificate request

We now need to bind this certificate to your website in IIS7. In the left hand MMC select your website, then on the far right hand side select “bindings”. Then select your website and select edit.

iis7 bind certificate to website

Finally make sure your website is set to HTTPS and uses port 443. Under the SSL certificate  option select the certificate you have purchased. This is no complete. This method is fine for accessing the website  internally and externally. Remember if you want to access the website external contact your isp and ask them to create an A record that is the same as your website name. They will then point the A record to your firewall which will in turn need a rule creating the sends port 80 and 443 traffic your your web server.

select certificate for iis7 website

For further reading You can also create a cert request in powershell

 
 

Related Problems

How To Remove An Expired Exchange 2007/ 2010 Certificate and Create A New Certificate
How to renew your expired exchange 2007 certificate.A guide on How To Remove An Expired Exchange 2007 Certificate and Create A New Certificate. This needs to be done every so ...
READ SOLUTION
ssl cert image
An easy to follow guide on how to use and create a self signed SSL certificate and then import it into exchange.
READ SOLUTION
Server 2012 Content From The Website Listed Is Being Blocked
When you receive the error Content from the website listed below is being blocked by Internet Explorer Enhanced Security Configuration, you can disable the enhanced security configuration or add the ...
READ SOLUTION
How To Enable SSL 3.0 Server 2008 /SBS 2008/SBS2011
SSL 3.0 is not enabled in server 2008/sbs2008 and sbs2011 out of the box. It can be enable from the registry however. Here is how to enable ssl 3.0.
READ SOLUTION
Building Server 2012 And Creating A New Windows 2012 Domain
Step by step guide on how to installe microsoft server 2012, create a new server 2012 domain and promote a server into a 2012 domain
READ SOLUTION
Server 2012 Windows cannot read the  setting from the unattend answer file
When installing server 2012 you recive the error Windows cannot read the setting from the unattend answer file, here is how to fix.
READ SOLUTION
Cannot Install Exchange 2013 on Windows 2012 Server
When installing Exchange 2013 on Server 2012 you receive and error stating The following error was generated when "$error.Clear();, this is an IPV6 error
READ SOLUTION
Allow a Server to Relay Email. Exchange 2007 / 2010
If you want a server or another pc to send emails through your exchange server then you need to configure the relay options. Here is how to allow relaying through ...
READ SOLUTION
How To Remove An Expired Exchange 2007/ 2010
Create A Self Signed SSL Cert For Exchange
Server 2012 Content From The Website Listed Is
How To Enable SSL 3.0 Server 2008 /SBS
Building Server 2012 And Creating A New Windows
Server 2012 Windows cannot read the setting
Cannot Install Exchange 2013 on Windows 2012 Server
Allow a Server to Relay Email. Exchange 2007

Tags:

Allen White

Allen is a Technical Consultant for an IT company in the North East of England and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5 and HP ASE, AIS - Network Infrastructure. Backup Academy Certified. I run this site in my spare time so if I help you then PLEASE take the time to share using the share tools on the site.

What Do You Think?

Search Solutions

Categories

(c) Techieshelp.com. Please be aware, all information is provided freely, any information used is done so at your risk and Techieshelp will not be held responsible for any issue that may occur.