Gordon State College Information Technology Help Desk Knowledgebase
Installing SSL Certificate on IIS7 for web site
Suggested knowledgebase articles:

Installing SSL Certificate on IIS7 for web site

 Problem Description : 

Steps for installation & setup of SSL Certificate on IIS7

 

 

 Resolution : 

 

 

Install on IIS Server

 

1. Open Internet Information Services Manager (IISM) to the appropriate Server

2. Open the Server Certificates icon.

3. Open 'Complete Certificate Request' Wizard

 

From the 'Actions' Menu on the left select 'Complete Certificate Request'

4. Proceed to Complete Certificate Request' Wizard

 

Fill out all appropriate information. You may need to browse to the location of the certificate or you may enter it in the provided box. The friendly is not part of the certificate itself, but is used by the server administrator to easily distinguish the certificate. NOTE: See section below on 'Method to add Certificate to multiple subdomains' is using mutlple subwebs on same IIS Server. Friendly name must start with a * to modify host headers for subwebs.

 

Note: There is a known issue in IIS 7 giving the following error: "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." You may also receive a message stating "ASN1 bad tag value met". If this is the same server that you generated the CSR on then, in most cases, the certificate is actually installed. Simply cancel the dialog and press "F5" to refresh the list of server certificates. If the new certificate is now in the list, you can continue with the next step. If it is not in the list, you will need to reissue your certificate using a new CSR (see our CSR creation instructions for IIS 7). After creating a new CSR, login to your Comodo account and click the 'replace' button for your certificate.

 

Assign to Website

 

1. Navigate back to the root site of the appropriate website.

2. Select 'Bindings' from the 'Edit Site' sub menu.

3. Add Port 443

 

In the 'Site Bindings' window, click 'Add'. This will open the 'Add Site Binding' window.

 

Under 'Type' choose https. The IP address should be the IP address of the site or All Unassigned, and the port over which traffic will be secured by SSL is usually 443. The 'SSL Certificate' field should specify the certificate that was installed using the above steps.

Click 'OK' to save changes.

 

Note: There may already be an 'https' entry in this area. If so, click 'https' to highlight it. Then click 'Edit' and in the 'SSL certificate' area select the friendly name that was generated earlier. Click 'OK' to save changes.

 

Click 'OK' on the 'Web Site Bindings' Window to complete the install.

 

Important: You must now restart IIS / the website to complete the install of the certificate.

 

 

Method to add Certificate to multiple subdomains on the same IP

 

You can use one certificate for multiple subdomains using a wildcard certificate. The link below will take you to the instructions on how to setup multiple host headers in IIS 7 using one IP address...

The utility was saved on Falcon d: root (DigiCertUtil.exe). Utility must be run on the server. NOTE: This utility still works with Comodo SSL Cert and can be used. Otherwise we would have to follow the instructions below for the command line.

 

From: http://www.digicert.com/ssl-support/ssl-host-headers-iis-7.htm

 

Setting Up Host Headers in IIS 7 Using the DigiCert Utility

 

To set up host headers in IIS 7, you need to format the friendly name to start with an * character. With our DigiCert Certificate Utility this is very easy. Once you format the friendly name you can set up host headers and site bindings. If the friendly name doesn't have a * character you'll have to use the command line to configure SSL host headers to use your SSL Certificate on multiple websites. 

Formatting the Friendly Name

1.Download and run the DigiCert Utility (DigiCertUtil.exe) on your IIS server. 

2.In the utility, right-click your certificate and click Edit Friendly Name. 

Setting Up Host Headers and Site Bindings

1.Open IIS by navigating to Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager. 

2.Expand your server name and then Sites. Right-click a website and click Edit Bindings. 

Host headers should now be properly configured for that website.

 

5.Repeat these steps as many times as needed for all of the sites you want to assign SSL host headers to. Change the host name to match the website's DNS name each time. 

 

 

Another way to create host headers for subwebs..

     

Setting Up Host Headers in IIS 7 Using the Command Line

 

Install the SSL Certificate to the site where you will use secure bindings. 

Next, open a command line by clicking Start > Run. Type cmd and click OK. 

Type cd C:\Windows\System32\Inetsrv\ to change the directory where you manage SSL host headers and click enter. 

Type the following command on one line: 

appcmd set site /site.name:"Name of Website in IIS" /+bindings.[protocol='https',bindingInformation='*:443:Host Header'] 

You can find the name of website in IIS and host header in the IIS 7 Connections window under Sites. The host header value is the value that is assigned to the (e.g. digicert.com).

You should see a response message in the command prompt that says "SITE object "your site" changed". 

Repeat the previous step as many times as necessary until you have set up SSL host headers for all of the websites that need them. If you need to enter the command for multiple sites, we recommend using our DigiCert IIS 7 SSL Host Header Command Generator. 

You may need to restart the IIS sites for the changes to take effect. You can verify the changes by opening each site in a web browser. If the wrong page is displayed for any URL, your SSL host headers have not been configured correctly. 

 

 

 

 

 Revision Date : 10/18/2013

 

Was this article helpful? Yes | No

Article Details

Article ID:
176
Category:
Knowledgebase
Rating :

Related articles