Steps to configure HTTPS (SSL) in IIS 8.5 on Windows Server 2012 R2
18 min read
If your website is collecting any sensitive information (including payment details, email and password), then you need to be secure. One of the best ways to do that is to enable HTTPS, also known as SSL (secure socket layers), so that any information going to and from your server is automatically encrypted. The prevents hackers from sniffing out your visitors’ sensitive information as it passes through the internet.
Your visitors will feel safer on your site when they see the lock while access your website – knowing it’s protected by a security certificate.
Nowadays, SSL certificate available is of various types, so you should be very careful while selecting SSL certificate.
Steps to Install SSL Certificate
SSL installation and configuration comprises of below steps:
- Create Certificate Signing Request (CSR)
- Purchase SSL Certifiate
- Download SSL certificate
- Install the downloaded SSL certificate
- Configure HTTPS URL to bind to the installed SSL certificate.
Create Certificate Signing Request (CSR)
Please follow below steps to create CSR in IIS 8.5 (Will be same in almost all IIS versions):
From the Start screen, find Internet Information Services (IIS) Manager and open it.
In the Connections pane, locate and click the server.
In the server Home page (center pane) under the IIS section, double-click Server Certificates.
4. In the Actions menu (right pane), click Create Certificate Request.
5. In the Request Certificate wizard, on the Distinguished Name Properties page, provide the information specified below and then click Next.
| Common name: | The fully-qualified domain name (FQDN) (e.g., www.example.com). |
| Organization: | Your company’s legally registered name (e.g., YourCompany, Inc.). |
| Organizational unit: | The name of your department within the organization. This entry will usually be listed as “IT”, “Web Security”, or is simply left blank. |
| City/locality: | The city where your company is legally located. |
| State/province: | The state/province where your company is legally located. |
| Country/region: | The country/region where your company is legally located. Use the drop-down list to select your country. |
6. On the Cryptographic Service Provider Properties page, provide the information specified below and then click Next.
| Cryptographic service provider: | In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider (unless you have a specific cryptographic provider). |
| Bit length: | In the drop-down list, select 2048 (unless you have a specific reason for using a larger bit length). |
7. On the File Name page, under Specify a file name for the certificate request, click the … button to specify a save location for your CSR.
Note: Remember the filename and save location of your CSR file. If you enter a filename without specifying a location, your CSR will be saved to C:\Windows\System32.
8. When you are done, click Finish.
9. Open the CSR file using a text editor (such as Notepad), then copy the text (including the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags) and paste it into the SSL providers order form.
Purchase SSL certificate
After you create your CSR, now it is time to order the SSL certificate from any of the SSL providers (my recommendation is SSL.com and godaddy.com). In order to do so click on the order link and paste the CSR information in the SSL order form, your SSL certificate will be generated. Please be patient while you wait for the SSL certificate generation after the order is placed, because it requires sometime to generate the SSL certificate from the backend.
Install the SSL certificate
You need to install the certificate only on the Windows 2012 server where the CSR was generated. It will not work on any other Windows server except the once where the CSR is generated.
Please follow below steps to install SSL certificate on IIS:
- On the server where you created the CSR, save the SSL certificate .cer/p7b file (e.g., your_domain_com.cer) that you downloaded.
- From the Start screen, find Internet Information Services (IIS) Manager and open it.
- In the Connections pane, locate and click the server.
- In the server Home page (center pane) under the IIS section, double-click Server Certificates.
5. In the Actions menu (right pane), click Complete Certificate Request.
6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information:
| File name containing the certificate authority’s response: | Click the … button to locate the .cer file you received from DigiCert (e.g., your_domain_com.cer). |
| Friendly name: | Type a friendly name for the certificate. This is not part of the certificate; instead, it is used to identify the certificate. Note: We recommend that you add the issuing CA (e.g., DigiCert) and the expiration date to the end of your friendly name; for example, yoursite-digicert-(expiration date). Doing this helps identify the issuer and expiration date for each certificate and also helps distinguish multiple certificates with the same domain name. |
| Select a certificate store for the new certificate: | In the drop-down list, select Personal. |
7. Click OK to install the certificate.
8. Now that you’ve successfully installed your SSL certificate, you need to configure your site to use it.
Configure HTTPS URL to use the SSL certificate
- In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed. Then expand Sites and click the site you want to secure using the SSL certificate.
- In the Actions menu (right pane), click Bindings.
3. In the Site Bindings window, click Add.
4. In the Add Site Binding window, do the following and then click OK.
| Type: | In the drop-down list, select https. |
| IP address: | In the drop-down list, select the IP address of the site or select All Unassigned. |
| Port: | Type 443. (SSL uses port 443 to secure traffic.) |
| SSL certificate: | In the drop-down list, select your new SSL certificate (e.g., yourdomain.com). |
5. Your SSL certificate is now installed, and the website is configured to accept secure connections.
Note: To enable your SSL certificate for use on other Windows servers, see PFX export instructions.
