Requesting and Putting in an SSL Certificates for Web Data Server (IIS)

Generate a Certificates Signing Request (CSR)

Generate the request utilizing the Certificates snap-in in Microsoft Administration Console (MMC).

Step 1: Open the Certificates Snap-In

1. Press Home windows + R, kind mmc, and press Enter.
2. Go to File > Add/Take away Snap-in.
3. Choose Certificates and click on Add.
4. Select Pc account, then click on Subsequent.
5. Choose Native pc and click on End.
6. Click on OK to shut the Add/Take away window.

Step 2: Begin the CSR Wizard

1. Within the left pane, broaden Certificates (Native Pc).
2. Proper-click Private and choose:

• All Duties → Superior Operations → Create Customized Request

Step 3: Configure the Request

1. On the Certificates Enrollment web page, click on Subsequent.
2. Choose Proceed with out enrollment coverage and click on Subsequent.
3. On the “Certificates Data” web page, broaden Particulars and click on Properties.
4. On the Common tab:

• Enter a pleasant title, e.g., WS25-IIS Certificates.

• Beneath Topic title, select Widespread Identify.
• Enter the totally certified area title (FQDN), e.g. ws25-iis.windowserver.information.
• Click on Add.
• Beneath Various title, select DNS.
• Enter the identical FQDN and click on Add.

• Beneath Key Utilization, guarantee Digital Signature and Key Encipherment are chosen.
• Beneath Prolonged Key Utilization, add Server Authentication.

• Beneath Cryptographic Supplier, choose
  RSA, Microsoft Software program Key Storage Supplier.
• Set Key dimension to 2048 bits.
• Verify Make personal key exportable and
  Enable personal key to be archived.

Step 4: Save the Request

1. Select a location to avoid wasting the request file (e.g. C:Temp).
2. Make sure the format is about to Base 64.
3. Present a filename akin to SSLRequest.req.
4. Click on End.

You’ll be able to open the file in Notepad to confirm the Base64-encoded request textual content.

Submit the CSR to a Certification Authority

You should utilize an inside Home windows CA or a public CA. The instance beneath assumes an online enrollment interface.

Step 1: Open the CA Net Enrollment Web page

Navigate to your CA’s enrollment website. If the server doesn’t belief the CA, you could obtain a warning. You may must or set up the CA certificates as wanted.

Step 2: Submit an Superior Certificates Request

1. Choose Request a certificates.
2. Select superior certificates request.
3. Open the CSR in Notepad, copy the Base64 textual content, and paste it into the request kind.
4. Click on Submit.

Step 3: Approve the Request (if required)

In case your CA requires approval, check in to the CA server and approve the pending request.

Step 4: Obtain the Issued Certificates

1. Return to the CA net enrollment web page.
2. View the standing of pending requests.
3. Find your request and choose it.
4. Select the Base 64 encoded certificates format.
5. Obtain the certificates.
6. Put it aside to a identified location and rename it meaningfully (e.g. WS25-IIS-Cert.cer).

Set up the SSL Certificates

1. Double-click the .cer file to open it.
2. Click on Set up Certificates.
3. Select Native Machine as the shop location.
4. When prompted for the shop, choose:

• Place all certificates within the following retailer
• Select Private

The certificates is now imported and obtainable to be used by IIS.

Bind the Certificates in IIS

Step 1: Open IIS Supervisor

1. Open Server Supervisor or seek for IIS Supervisor.
2. Within the left pane, broaden the server and choose your web site (e.g., Default Net Website).

Step 2: Add an HTTPS Binding

1. Within the Actions pane, click on Bindings.
2. Within the Website Bindings window, click on Add.
3. Choose:

• Sort: https
• Hostname: the FQDN used within the certificates (e.g., ws25-iis.windowserver.information)
• SSL Certificates: select the certificates you put in (e.g. WS25-IIS Certificates)

Check the HTTPS Connection

1. Open Microsoft Edge (or your most popular browser).
2. Browse to the positioning utilizing https:// and the FQDN.

• Instance: https://ws25-iis.windowserver.information

• Confirm the certificates is legitimate.
• Verify the certificates particulars if desired.

If the web page masses securely with out warnings, the certificates is put in and certain accurately.