Installing a Certificate on IIS Servers

Last updated: 2020-04-30 15:46:16

PDF

Scenario

This document describes how to install an SSL certificate in IIS.

  • This document uses the domain name www.domain.com as an example.
  • This document takes Windows 10 as an example. The detailed steps vary slightly by OS version.

Steps

Certificate Installation

  1. The certificate package for the domain name www.domain.com in the SSL Certificates Service Console has been downloaded and decompressed to a local directory.
    After decompression, you can get the certificate files in the relevant types, including Nginx folders and CSR files:

    • Folder name: IIS
    • Folder content:
      • www.domain.com.pfx Certificate file
      • keystorePass.txt Password file (if the private key password is set, none keystorePass.txt Password file)
    • CSR file content: www.domain.com.csr file

      The CSR file is uploaded by you or generated online by the system when you apply for the certificate and is provided to the CA. It is irrelevant to the installation.

  2. Open the IIS Manager, select the computer name, and double-click "Server Certificates" to open it.

  3. In the "Actions" column to the right of the Server Certificates window, click Import.

  4. In the "Import Certificate" pop-up window, select the path where the certificate file is stored, enter the password, and click OK.

    If you set a private key password when applying for the certificate, enter the private key password; otherwise, enter the password in the keystorePass.txt file in the IIS folder.

  5. Select the name of a site in "Sites" and click Site Bindings in the "Actions" column on the right.

  6. In the "Site Bindings" pop-up window, click Add, as shown below:

  7. In the "Add Site Binding" window, set the site type to HTTPS and the port to 443, specify the corresponding SSL certificate, and click OK.

  8. Once you made the addition, the new content will be available to view in the "Site Bindings" window.

Security Configuration for Automatic Redirect from HTTP to HTTPS (Optional)

Download and install the URL Rewrite module before performing the following steps.

  • For normal redirect, edit the rule in the following steps. If you have other needs, you can set it on your own.
  • During the redirect from HTTP to HTTPS, if your website element contains external links or uses the HTTP protocol, the entire webpage is not completely based on HTTPS. In this case, some browsers may prompt for insecurity such as "this link is insecure" due to those factors. You can view the error reason by clicking "Details" on the insecure page.
  1. Open the IIS Manager.

  2. Select the site name under the site, and double-click to open URL rewrite.

  3. Enter the "URL Rewrite" page and click Add Rule (s) In the "Actions" column on the right.

  4. In the "Add Rule (s)" pop-up window, select Blank rule And click OK .

  5. Go to the Edit inbound rules page.

    • Name: Enter forced HTTPS.
    • Matching URL: is entered manually in the pattern (.*) .
    • Conditions: Click To expand and click "Add" to pop up the "Add Condition" window.
      • Condition input: {HTTPS} .
      • Check if input string: Select "Matches the Pattern" by default.
      • Pattern: Enter ^OFF$ .
    • Action: Enter the following parameters.
      • Action Type: Select "Redirect".
      • Redirect URL: https://{HTTP_HOST}/{R:1} .
      • Redirect Type: Select "See Other (303)".
  6. Click Apply in the "Actions" column to save.

  7. Return to the "Sites" page and click Restart in the "Manage Website" column on the right. Then, the website can be accessed using http://www.domain.com.

If anything goes wrong during this procedure, contact us.