Domain Whois
Search

Service Hotline ( 09:00-22:30 )

+65-65189986
Help Center
Frequently Asked Questions

IIS 10 Certificate Installation Guide

Updated Time:2022-09-24  Views:24241

IIS 10: Create CSR and Install SSL Certificate


Create CSR on Windows Server 2016 and install SSL Certificate

Use the instructions on this page to create your certificate signing request (CSR) and to install and configure your SSL certificate.
1. To create your certificate signing request (CSR), see IIS10: How to create your CSR on Windows Server 2016.
2. To install your SSL certificate, see IIS 10: How to install and configure your SSL Certificate on Windows Server 2016.
For a simpler way to create your CSRs (Certificate Signing Requests) and install and manage your SSL certificates, we recommend that you use the DigiCert Certificate Utility. For more information about our utility, see DigiCert® Certificate Utility for Windows.
You can use the DigiCert Utility to generate your CSR and install your SSL certificate. See Windows Server 2016: Creating your CSR and Installing your SSL Certificate with DigiCert Utility.

How to create CSR on Windows Server 2016

 Create CSR with IIS 10
1. In the Windows Start menu, type Internet Information Services (IIS) Manager and open it.
2. In the Internet Information Services (IIS) Manager in the Connections menu tree (left pane), expand the name of the server on which the certificate was installed.

3. In the IIS section of the Server Home (center pane), double-click Server Certificate.
4. In the Actions menu (right pane) of the Server Certificate page (center pane), click the Create Certificate Request.... link.

5. On the Distinguishable Name Properties page of the Request Certificate wizard, provide the information specified below, and then click Next :
Common name: The fully qualified domain name (FQDN) (e.g., www.example.com).
Organization: Your company’s legally registered name (e.g., YourCompany, Inc.).
Organizational unit: The name of your department within the organization. This entry will usually be listed as "IT", "Web Security", or is simply left blank.
City/locality: The city where your company is legally located.
State/province:The state/province where your company is legally located.
Country/region: The country/region where your company is legally located. Use the drop-down list to select your country.

6. On the Cryptographic Service Provider Properties page, provide the information specified below and then click Next.
Cryptographic service provider: In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider (unless you have a specific cryptographic provider).
Bit length: In the drop-down list, select 2048 (unless you have a specific reason for using a larger bit length).

7. On the File Name page, under Specify a file name for the certificate request, click the … button to specify a save location for your CSR.
Note: Remember the filename and save location of your CSR file. If you enter a filename without specifying a location, your CSR will be saved to C:\Windows\System32.

8. When you are done, click Finish.
9. Open the CSR file using a text editor (such as Notepad), then copy the text (including the
-----BEGIN NEW CERTIFICATE REQUEST----- and 
-----END NEW CERTIFICATE REQUEST----- tags) and paste it into the DigiCert order form.

10. After you receive your SSL certificate from DigiCert, you can install it.

 

IIS 10:How to install and configurate SSL Certificate on Windows Server 2016


If you have not yet created your CSR and ordered your SSL certificate, see Windows Server 2016: How to create CSR.
After validating your order and issuing your SSL certificate, you need to install the certificate file to your Windows Server 2016. Then you can use IIS 10 to configure the server to use it.


(Single Certificate) How to install your SSL certificate and configure the server to use it.

Install SSL Certificate.

1. On the server where the CSR was created, save the .cer file of the SSL certificate (for example, your domain_com.cer) that DigiCert sent you.
2. In the Windows start menu, type Internet Information Services (IIS) Manager and open it.
3. In Internet Information Services (IIS) Manager, in the Connections menu tree (left pane), expand the name of the server.

4. In the IIS section of the Server Home (center pane), double-click Server Certificates.
5. On the Server Certificates page (middle pane), in the Actions menu (right pane), click the Complete Certificate Request… link

6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response do the following, and then click OK:
File name containing the certificate authority's response: Click the … box and browse to and select the .cer file (e.g., your_domain_com.cer) that DigiCert sent to you.
Friendly name: Type a friendly name for the certificate. The friendly name is not part of the certificate; instead, it is used to identify the certificate.
We recommend that you add DigiCert's name and the expiration date to the end of your friendly name, for example:
yoursite-authority-(expiration date). This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.
Select a certificate store for the new certificate: In the drop-down list, select Web Hosting.

7. Now that you've successfully installed your SSL certificate, you need to assign the certificate to the appropriate site.
8. In Internet Information Services (IIS) Manager, in the Connections menu tree (left pane), expand the name of the server on which the certificate was installed. Then expand Sites and click the site you want to use the SSL certificate to secure.

9. On the website Home page, in the Actions menu (right pane), under Edit Site, click the Bindings… link.
10. In the Site Bindings window, click Add.

11. In the Add Site Bindings window, do the following and then click OK:
Type: In the drop-down list, select https.
IP address: In the drop-down list, select the IP address of the site or select All Unassigned.
Port: Type port 443. The port over which traffic is secure by SSL is port 443.
SSL certificate: In the drop-down list, select your new SSL certificate (e.g., yourdomain.com).

12. Your SSL certificate is now installed, and the website is configured to accept secure connections.

 

(Multiple Certificates) How to install your SSL certificates and configure the server to use them using SNI
Install First SSL Certificate

 

Do this first set of instructions only once, for the first SSL certificate

1. On the server where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that DigiCert sent to you.
2. In the Windows start menu, type Internet Information Services (IIS) Manager and open it.
3. In Internet Information Services (IIS) Manager, in the Connections menu tree (left pane), locate and click the server name.

4. In the IIS section of the Server Home (center pane), double-click Server Certificates.
5. On the Server Certificates page (center pane), in the Actions menu (right pane), click the Complete Certificate Request… link.

6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, do the following and then click OK:
File name containing the certificate authority's response: Click the … box and browse to and select the .cer file (e.g., your_domain_com.cer) that DigiCert sent to you.
Friendly name: Type a friendly name for the certificate. The friendly name is not part of the certificate; instead, it is used to identify the certificate.
We recommend that you add certificate authority's name and the expiration date to the end of your friendly name, for example: yoursite-authority-(expiration date).
This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.
Select a certificate store for the new certificate: In the drop-down list, select Web Hosting.

7. Now that you've successfully installed your SSL certificate, you need to assign the certificate to the appropriate site.
8. In Internet Information Services (IIS) Manager, in the Connections menu tree (left pane), expand the name of the server on which the certificate was installed. 
Then expand Sites and click the site you want to use the SSL certificate to secure.

9. On the website Home page, in the Actions menu (right pane), under Edit Site, click the Bindings… link.
10. In the Site Bindings window, click Add.

11. In the Add Site Bindings window, do the following and then click OK:
Type: In the drop-down list, select https.
IP address: In the drop-down list, select the IP address of the site or select All Unassigned.
Port: Type port 443. The port over which traffic is secure by SSL is port 443.
SSL certificate: In the drop-down list, select your new SSL certificate (e.g., yourdomain.com).

12. Your first SSL certificate is now installed, and the website configured to accept secure connections.

 

Install Additional SSL Certificates


1. On the server where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that DigiCert sent to you.
2. In the Windows start menu, type Internet Information Services (IIS) Manager and open it.
3. In Internet Information Services (IIS) Manager, in the Connections menu tree (left pane), locate and click the server name.

4. In the IIS section of the Server Home (center pane), double-click Server Certificates.
5. On the Server Certificates page (center pane), in the Actions menu (right pane), click the Complete Certificate Request… link.

6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, do the following and then click OK:
File name containing the certificate authority's response: Click the … box and browse to and select the .cer file (e.g., your_domain_com.cer) that DigiCert sent to you.
Friendly name: Type a friendly name for the certificate. The friendly name is not part of the certificate; instead, it is used to identify the certificate.
We recommend that you add certificate authority's name and the expiration date to the end of your friendly name, for example:
This information helps identify the issuer and expiration date for each certificate.
It also helps distinguish multiple certificates with the same domain name.
Select a certificate store for the new certificate: In the drop-down list, select Web Hosting.

7. Now that you've successfully installed your SSL certificate, you need to assign the certificate to the appropriate site.
8. In Internet Information Services (IIS) Manager, in the Connections menu tree (left pane), expand the name of the server on which the certificate was installed.
Then expand Sites and click the site you want to use the SSL certificate to secure.

9. On the website Home page, in the Actions menu (right pane), under Edit Site, click the Bindings… link.
10. In the Site Bindings window, click Add.

11. In the Add Site Bindings window, do the following and then click OK:
Type: In the drop-down list, select https.
IP address: In the drop-down list, select the IP address of the site or select All Unassigned.
Port: Type port 443. The port over which traffic is secure by SSL is port 443.
Host name: Type the host name that you want to secure.
Require Server Name Indication: After you enter the host name, check this box. This is required for all additional certificates/sites, after you've installed the first certificate and secured the primary site.
SSL certificate: In the drop-down list, select your new SSL certificate (e.g., yourdomain2.com).

12. Your first SSL certificate is now installed, and the website is configured to accept secure connections.

 

 

Next Topic: No Topic