Generating a CSR and installing SSL certificates on IIS 8 and 8.5 is quite straightforward. The steps are essentially the same as for creating CSR files and installing SSL certificates on IIS 7 (Windows Server 2008).
Steps to Generate CSR and Install SSL Certificate on IIS 8 and 8.5
Step 1: Generate CSR on IIS 8 or IIS 8.5 on Windows Server 2012
1. On the Start Menu, find and open Internet Information Services (IIS) Manager.
2. In the Connections pane, locate and click on the server.
3. On the server's home page, in the IIS section, find and double-click on Server Certificates.
4. On the Actions menu (on the right panel), select Create Certificate Request.
5. In the Request Certificate wizard, on the Distinguished Name Properties page, fill in the following information and click Next:
- Common name: Fully Qualified Domain Name (FQDN) (e.g., Mytour).
- Organization: Legal registered name of your company.
- Organizational unit: Department name within your company. This field is often filled with IT, Web Security, or left blank.
- City/locality: Location of your company.
- State/province: Province/City where your company is headquartered.
- Country/region: Country/region where your company is headquartered. Use the menu to select your country.
6. On the Cryptographic Service Provider Properties page, provide the following information and click Next:
- Cryptographic service provider: From the dropdown menu, choose Microsoft RSA SChannel Cryptographic Provider (unless you have a specific CSP provider).
- Bit length: From the menu, select 2048 (unless you have a reason to use a larger key size).
7. On the File Name page, in the Specify a file name for the certificate request section, click the icon with three dots to specify the location to save the CSR.
Make sure to remember the file name and the location where you save your CSR file. If you enter the name without specifying the location, the CSR file will be saved in the default location C:\Windows\System32.
8. Once completed, click on Finish.
9. Open the CSR file with any text editor such as Notepad, then copy the entire text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- lines, and paste it into the DigiCert ordering form.
10. Upon receiving the SSL certificates from DigiCert, you can proceed with the installation of these certificates.
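The wizard choices from Step 1 (distinguished name fields, Microsoft RSA SChannel Cryptographic Provider, 2048-bit key) can also be written as a certreq request file, which makes the CSR reproducible and lets you inspect it before submitting it. This is an added example, not part of the original guide; the subject values and the C:\certs path are placeholders.

```powershell
# Added example: scripted counterpart of the IIS "Create Certificate Request" wizard.
# All subject values and paths are placeholders (assumptions); replace them.
$workDir = 'C:\certs'
$infPath = Join-Path $workDir 'request.inf'
$csrPath = Join-Path $workDir 'request.csr'

New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Same choices as the wizard pages: DN fields, SChannel provider, 2048-bit RSA.
# Exportable = FALSE keeps the private key on this server; set it to TRUE only
# if the certificate must later be moved to another machine.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=www.example.com, OU=IT, O=Example Company, L=City, S=State, C=US"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
'@
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Generate the key pair in the machine key store and write the CSR to an
# explicit path, so it does not end up in C:\Windows\System32 by accident.
certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Decode the request and review the subject and key length before pasting
# the file's contents into the CA's order form.
certutil.exe -dump $csrPath
```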
Step 2: Install and configure SSL certificates on IIS 8 or IIS 8.5 on Windows Server 2012
After the SSL certificate has been verified and issued, install it on the Windows Server 2012 machine where the CSR was created. Then configure the server to use this SSL certificate.
How to Install SSL Certificate and Configure the Server to Use the Certificate
Install SSL Certificate
1. On the server where you generated the CSR, save the SSL certificate file with the extension .cer (e.g., your_domain_com.cer) that you received from DigiCert.
2. Navigate to the Start Screen and open Internet Information Services (IIS) Manager.
3. In the Connections pane, locate and click on the server.
4. On the server's home page (in the middle pane), under IIS, double-click on Server Certificates.
5. In the Actions menu (right pane), click on Complete Certificate Request.
6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, enter the following information:
- File name containing the certificate authority's response: Click the three-dot icon to browse for the .cer file you received from DigiCert.
- Friendly name: Enter a name for the certificate. This name is not part of the certificate but is used to identify it.
Note: It's recommended to append the digital certificate authority (CA) and expiration date to the end of the certificate name. This helps identify the issuer and expiration date of each certificate, and also distinguishes multiple certificates with the same domain.
- Select a certificate store for the new certificate: From the dropdown menu, choose Personal.
7. Click OK to install the certificate.
8. After successfully installing the SSL certificate, the next step is to configure the website to use this certificate.
Assign SSL Certificate
9. In the Internet Information Services (IIS) Manager window, in the Connections pane, expand the name of the server where the certificate was installed. Then expand the Sites section and select the site you want to secure with the SSL certificate.
10. In the Actions menu (right pane), click on Bindings.
11. In the Site Bindings window, click on Add.
12. In the Add Site Binding window, select the information below and click OK:
- Type: From the dropdown menu, select https.
- IP address: From the dropdown menu, choose the IP address of the website or select All Unassigned.
- Port: Enter 443 (SSL uses port 443 to secure traffic).
- SSL certificate: From the dropdown menu, select your new SSL certificate.
13. Your SSL certificate has now been installed, and the website has been configured to accept secure connections.
Install and Configure Server Using SSL Certificates with SNI
Follow the steps below to install multiple SSL certificates and configure the server to use these certificates using SNI.
Install SSL Certificate
Follow these instructions only once (for the first SSL certificate):
1. On the server where you generated the CSR, save the SSL certificate .cer file.
2. On the Start Screen, search for and open Internet Information Services (IIS) Manager.
3. In the Connections pane, locate and select the server.
4. On the server's home page (in the middle pane), under IIS, double-click on Server Certificates.
5. In the Actions menu (right pane), click on Complete Certificate Request.
6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, enter the following information:
- File name containing the certificate authority's response: Click the three-dot icon to browse for the .cer file you received earlier.
- Friendly name: Enter a name for the certificate. This name is not part of the certificate but is used to identify it.
Note: It's recommended to append the digital certificate authority (CA) and expiration date to the end of the certificate name. This helps identify the issuer and expiration date of each certificate, and also distinguishes multiple certificates with the same domain.
- Select a certificate store for the new certificate: From the dropdown menu, choose Web Hosting.
7. Click OK to install the SSL certificate.
Note: There is an issue on IIS 8 where clicking OK may result in a "Failed to remove the certificate" error. If this is the same server used to generate the CSR, you can ignore the error. Just click OK and press F5 to refresh the list of server certificates.
If the new certificate appears in the list, it has been successfully installed. However, if you wish, you can verify the certificate's presence in the Web Hosting certificate store. If the certificate doesn't appear in the Web Hosting certificate store, you can manually move the certificates there.
If the certificate doesn't appear on the list after refresh, you may need to reissue your certificate using a new CSR.
8. After successfully installing the SSL certificate, the next step is to configure the website to use this certificate.
9. In the Internet Information Services (IIS) Manager window, in the Connections pane, expand the name of the server where the certificate was installed. Then expand Sites and select the site you want to secure with the SSL certificate.
10. In the Actions menu (right pane), click on Bindings.
11. In the Site Bindings window, click on Add.
12. In the Add Site Binding window, select the information below and click OK:
- Type: From the dropdown menu, select https.
- IP address: From the dropdown menu, choose the IP address of the website or select All Unassigned.
- Port: Enter 443 (SSL uses port 443 to secure traffic).
- SSL certificate: From the dropdown menu, select the SSL certificate installed in step 7.
13. The first SSL certificate has been successfully installed, and the website is configured to use secure connections.
Install Additional SSL Certificates
To install and assign additional SSL certificates, repeat the following steps:
1. On the server where you generated the CSR, save the .cer certificate file.
2. From the Start Screen, search for and open Internet Information Services (IIS) Manager.
3. In the Connections pane, locate and select the server.
4. On the server's home page (in the middle pane), under IIS, find and double-click on Server Certificates.
5. In the Actions menu (right pane), click on Complete Certificate Request.
6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, enter the following information:
- File name containing the certificate authority's response: Click the three-dot icon to browse for the .cer file you received earlier.
- Friendly name: Enter a name for the certificate. This name is not part of the certificate but is used to identify it.
Note: It's recommended to append the digital certificate authority (CA) and expiration date to the end of the certificate name. This helps identify the issuer and expiration date of each certificate, and also distinguishes multiple certificates with the same domain.
- Select a certificate store for the new certificate: From the dropdown menu, choose Web Hosting.
7. Click OK to install the SSL certificate.
8. After successfully installing the SSL certificate, the next step is to configure the website to use this certificate.
9. In the Internet Information Services (IIS) Manager window, in the Connections pane, expand the name of the server where the certificate was installed. Then expand Sites and select the site you want to secure with the SSL certificate.
10. In the Actions menu (right pane), click on Bindings.
11. In the Site Bindings window, click on Add.
12. In the Add Site Binding window, select the information below and click OK:
- Type: From the dropdown menu, select https.
- IP address: From the dropdown menu, choose the IP address of the website or select All Unassigned.
- Port: Enter 443 (SSL uses port 443 to secure traffic).
- SSL certificate: From the dropdown menu, select the SSL certificate installed in step 7.
- Host name: Enter the host name you want to secure.
- Require server name indication: Check this box, located below the host name.
Note: This option is required for any additional certificates/websites installed after installing the first certificate on the main page.
13. The additional certificates are successfully installed, and the website is configured to use secure connections.
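The Web Hosting store check and the SNI binding steps above can also be scripted. This is an added example, not part of the original guide; it assumes the WebAdministration module that ships with IIS, and the site name and host name are placeholders.

```powershell
# Added example: confirm the certificate is in the Web Hosting store with its
# private key, then create the SNI binding described in the steps above.
Import-Module WebAdministration

$siteName = 'Example Site'        # assumption: name of the IIS site
$hostName = 'www2.example.com'    # assumption: host name to secure

# The Web Hosting store is exposed as Cert:\LocalMachine\WebHosting.
# Matching on the subject CN is a simplification; SAN-only names are not matched.
$cert = Get-ChildItem Cert:\LocalMachine\WebHosting |
    Where-Object { $_.Subject -like "*CN=$hostName*" -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No unexpired certificate for $hostName in the Web Hosting store."
}
# Without the private key created alongside the CSR, the certificate cannot
# serve TLS on this server and has to be reissued from a new CSR.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key on this server."
}

# Do not touch an existing binding; review it in IIS Manager instead.
if (Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName) {
    throw "An https binding for $hostName already exists on '$siteName'."
}

# SslFlags 1 corresponds to "Require Server Name Indication".
New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*' `
    -HostHeader $hostName -SslFlags 1

# Attach the certificate from the Web Hosting store to the new binding.
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName
$binding.AddSslCertificate($cert.Thumbprint, 'WebHosting')

# List the HTTP.sys certificate bindings to confirm the result.
netsh.exe http show sslcert
```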
Diagnosing and Resolving SSL Certificate Issues
If your website is publicly accessible, you can use the SSL Installation Diagnostics Tool to diagnose SSL certificate issues and find solutions. This is different from troubleshooting SSL connection errors on a client computer.
Download and install the SSL Installation Diagnostics Tool.
So, Mytour has just guided you on how to generate CSR and install SSL certificates on IIS 8, 8.5. Additionally, readers can explore Mytour for more information on generating CSR files and installing SSL certificates on IIS 7 (Windows Server 2008). Best of luck to all.