
Configure an IIS Domain Member Server with Certificate from Enterprise Certificate Authority

In this entry I will discuss setting up a certificate to encrypt traffic via HTTPS for an IIS 7.5 web site.  This example assumes that the IIS web server is a member of an Active Directory domain and that an enterprise certificate authority (CA) is configured on a server in this domain.  You can find details on how to set up an enterprise CA for your domain here.  Time to get started.

Go to Start > Administrative Tools > Internet Information Services (IIS) Manager.

Highlight the server name in the left pane, then scroll down in the center pane and double-click Server Certificates.

Now in the right Actions pane click “Create Domain Certificate”.

Enter the name information for the new certificate.  The most important field is the Common Name: use the server name that you’ll type in the browser’s address bar to access the web site.  It has to match exactly or you’ll receive a warning about the certificate.  You can specify only the server name if the server is in a search domain configured on the client, but best practice is to enter the fully qualified domain name, like “YourServer.YourDomain.com”.  Click Next.

Click Select.

Highlight the certificate authority that will sign your web site certificate and click OK.

Under Friendly Name, choose a name for the new certificate.  Generally I like to include the Common Name specified previously, in the format “CommonName-CertificateAuthorityServerName”, so this certificate is easier to identify in IIS later.  Click Finish.

Back at IIS Manager, select “Default Web Site” in the left pane and click Bindings in the right Actions pane.

In the Site Bindings dialog highlight https and click Edit.  If https is not displayed click Add and select https in the Type dropdown list.

In the SSL Certificate dropdown list, select the certificate with the Friendly Name we created earlier, the one issued by the trusted CA.  Make sure to choose the right one: if you select the existing self-signed certificate, it won’t work.  Click OK, click Close, and close the IIS Manager.

Your IIS web site is now configured to accept HTTPS traffic!
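To confirm that the binding really uses the CA-issued certificate and not the self-signed one, the following check can be run in an elevated PowerShell session on the IIS server. It is an added example, not part of the original walkthrough; the function name `Test-IisBindingCertificate` is hypothetical and the expected name is the article's placeholder, to be replaced with your own FQDN.

```powershell
# Added example: audit the certificate behind each IIS HTTPS binding.
Import-Module WebAdministration

function Test-IisBindingCertificate {
    param(
        # Name users type in the browser's address bar (assumption: supplied by you).
        [Parameter(Mandatory = $true)][string]$ExpectedName
    )
    foreach ($binding in Get-ChildItem IIS:\SslBindings) {
        # Each SSL binding records the store name and thumbprint of its certificate.
        $path = 'Cert:\LocalMachine\{0}\{1}' -f $binding.Store, $binding.Thumbprint
        $cert = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $cert) {
            Write-Warning "Binding on port $($binding.Port) points at a missing certificate ($path)."
            continue
        }
        # Common Name as entered in the Create Domain Certificate wizard.
        $cn = $cert.GetNameInfo('SimpleName', $false)
        New-Object PSObject -Property @{
            Port         = $binding.Port
            FriendlyName = $cert.FriendlyName
            CommonName   = $cn
            Issuer       = $cert.Issuer
            # A self-signed certificate has identical subject and issuer.
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            # -eq on strings is case-insensitive, like host name comparison.
            NameMatches  = ($cn -eq $ExpectedName)
            # Verify() builds the chain with the default policy, which includes
            # an online revocation check, so the CA's CRL must be reachable.
            ChainTrusted = $cert.Verify()
            NotAfter     = $cert.NotAfter
        }
    }
}

# 'YourServer.YourDomain.com' is the placeholder used in the article.
Test-IisBindingCertificate -ExpectedName 'YourServer.YourDomain.com' |
    Format-List Port, FriendlyName, CommonName, Issuer, SelfSigned, NameMatches, ChainTrusted, NotAfter
```

A correctly configured binding shows `SelfSigned : False`, `NameMatches : True` and `ChainTrusted : True`, with the enterprise CA named in `Issuer`.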

  1. Jim
    January 17, 2012 at 10:54 pm

    Nicely done. I was looking for something simple…a 1-tier Root CA; and it took me a while to find this. Thanks for the clarification comments as well. I’ll now implement the solution with confidence ;-)

  2. Scott Rosenblatt
    May 30, 2012 at 2:03 pm

    And make sure you log on to the server with domain credentials; if you use local admin to log on, the Select button will be greyed out.
