SSL

Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

Safi A. ChoudhuryBy Updated:No Comments5 Mins Read

If your website is collecting any sensitive information (including payment details, email and password), then you need to be secure. One of the best ways to do that is to enable HTTPS, also known as SSL (secure socket layers), so that any information going to and from your server is automatically encrypted. The prevents hackers from sniffing out your visitors’ sensitive information as it passes through the internet.

lock - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

Your visitors will feel safer on your site when they see the lock while access your website – knowing it’s protected by a security certificate.

Nowadays, SSL certificate available is of various types, so you should be very careful while selecting SSL certificate.

Steps to Install SSL Certificate

SSL installation and configuration comprises of below steps:

  1. Create Certificate Signing Request (CSR)
  2. Purchase SSL Certifiate
  3. Download SSL certificate
  4. Install the downloaded SSL certificate
  5. Configure HTTPS URL to bind to the installed SSL certificate.

Create Certificate Signing Request (CSR)

Please follow below steps to create CSR in IIS 8.5 (Will be same in almost all IIS versions):

  1. From the Start screen, find Internet Information Services (IIS) Manager and open it.
  2. In the Connections pane, locate and click the server.
  3. In the server Home page (center pane) under the IIS section, double-click Server Certificates.

iis 8 csr 1 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

4. In the Actions menu (right pane), click Create Certificate Request.

iis 8 csr 2 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

5. In the Request Certificate wizard, on the Distinguished Name Properties page, provide the information specified below and then click Next.

Common name: The fully-qualified domain name (FQDN) (e.g., www.example.com).
Organization: Your company’s legally registered name (e.g., YourCompany, Inc.).
Organizational unit: The name of your department within the organization. This entry will usually be listed as “IT”, “Web Security”, or is simply left blank.
City/locality: The city where your company is legally located.
State/province: The state/province where your company is legally located.
Country/region: The country/region where your company is legally located. Use the drop-down list to select your country.

iis 8 csr 3 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

6. On the Cryptographic Service Provider Properties page, provide the information specified below and then click Next.

Cryptographic service provider: In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider (unless you have a specific cryptographic provider).
Bit length: In the drop-down list, select 2048 (unless you have a specific reason for using a larger bit length).

iis 8 csr 4 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

7. On the File Name page, under Specify a file name for the certificate request, click the  …  button to specify a save location for your CSR.

Note: Remember the filename and save location of your CSR file. If you enter a filename without specifying a location, your CSR will be saved to C:WindowsSystem32.

iis 8 csr 5 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

8. When you are done, click Finish.

9. Open the CSR file using a text editor (such as Notepad), then copy the text (including the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags) and paste it into the SSL providers order form.

iis 8 csr 6 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

Ready to order your SSL certificate? Click Here

Purchase SSL certificate

After you create your CSR, now it is time to order the SSL certificate from any of the SSL providers (my recommendation is SSL.com and godaddy.com). In order to do so click on the order link and paste the CSR information in the SSL order form, your SSL certificate will be generated. Please be patient while you wait for the SSL certificate generation after the order is placed, because it requires sometime to generate the SSL certificate from the backend.

Download SSL certificate

Once the SSL certificate is ordered and generated, you can go to the download section and download the SSL certificate for your required platfrom (In our case, it is IIS).

Install the SSL certificate

You need to install the certificate only on the Windows 2012 server where the CSR was generated. It will not work on any other Windows server except the once where the CSR is generated.

Please follow below steps to install SSL certificate on IIS:

  1. On the server where you created the CSR, save the SSL certificate .cer/p7b file (e.g., your_domain_com.cer) that you downloaded.
  2. From the Start screen, find Internet Information Services (IIS) Manager and open it.
  3. In the Connections pane, locate and click the server.
  4. In the server Home page (center pane) under the IIS section, double-click Server Certificates.

iis 8 csr 1 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

5. In the Actions menu (right pane), click Complete Certificate Request.

iis 8 csr 7 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information:

File name containing the certificate authority’s response: Click the  …  button to locate the .cer file you received from DigiCert
(e.g., your_domain_com.cer).
Friendly name: Type a friendly name for the certificate. This is not part of the certificate; instead, it is used to identify the certificate.

Note: We recommend that you add the issuing CA (e.g., DigiCert) and the expiration date to the end of your friendly name; for example, yoursite-digicert-(expiration date). Doing this helps identify the issuer and expiration date for each certificate and also helps distinguish multiple certificates with the same domain name.
Select a certificate store for the new certificate: In the drop-down list, select Personal.

iis 8 csr 8 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

7. Click OK to install the certificate.

8. Now that you’ve successfully installed your SSL certificate, you need to configure your site to use it.

Configure HTTPS URL to use the SSL certificate

  1. In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed. Then expand Sites and click the site you want to secure using the SSL certificate.
  2. In the Actions menu (right pane), click Bindings.

iis 8 install 9 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

3. In the Site Bindings window, click Add.

iis 8 install 10 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

4. In the Add Site Binding window, do the following and then click OK.

Type: In the drop-down list, select https.
IP address: In the drop-down list, select the IP address of the site or select All Unassigned.
Port: Type 443. (SSL uses port 443 to secure traffic.)
SSL certificate: In the drop-down list, select your new SSL certificate (e.g., yourdomain.com).

iis 8 install 11 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

5. Your SSL certificate is now installed, and the website is configured to accept secure connections.

iis 8 install 12 - Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2

Note: To enable your SSL certificate for use on other Windows servers, see PFX export instructions.

Share.

Safi is the founder and chief editor of ZoomTutorials Blog, a leading tutorials and technology blogging site specializing in DevOps, SysAdmin and Cloud Technologies to help IT professionals in their day to day work. He is a Senior Cloud and DevOps Solutions Engineer at a leading eCommerce development Company and has more than 8 years of SysAdmin experience working with Fortune 500 companies to solve their most important IT backbones. Safi lives in Hyderabad with his wife and a son.

Related Posts

0 0 votes
Article Rating
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x