This tutorial goes through the process of setting up an SSL certificate within IIS7/8, using a certificate issued by a dedicated third party (rather than a self-signed certificate, which is generally used for internal development only).
Generate the SSL Certificate Request in IIS
Open IIS and click the server node on the left, then select the Server Certificates icon
Now press the Create Certificate Request link on the right
Complete the form, ensuring that the Common name field contains the domain name that you wish to secure, then press Next
In the next part, leave the top field selected as Microsoft RSA SChannel Cryptographic Provider, but change the Bit length field to 2048 or greater. This is because the next generation of SSL certificates needs to be stronger, as hackers' resources are getting better all the time. I use 2048 bits:
Specify a location to save the request. The request is just a simple text file that will be submitted to the SSL issuer. I use the domain name as the file name:
Send the Certificate Request to a Certificate Issuer
You now need to pick an issuing body for your certificate. There are a number of providers. You should ensure that the provider you pick is recognised by the majority of internet browsers (so your users will see the secure padlock icon and the browser trusts the issuer). Providers include:
Have a read of what each provider offers, as some offer more functionality than others. I opted for Thawte's basic SSL123 certificate for my domain, and will use them for the rest of this tutorial (however, the process will be the same for other providers).
Create an account with the provider, and select the product you want, the number of servers it will be used for, and the number of years before you need to renew it:
In the next page, select the server platform (in my case IIS7, which I believe also applies to IIS8 as there's no option for IIS8 in Thawte). Then, copy and paste the content of the certificate request that you saved to your desktop earlier. Note that you must remove any trailing carriage returns/spaces:
Select the email address on your domain that will receive the verification from the provider. This must be a functioning, valid email address:
Finally, complete the payment information and wait until the verification email is sent to the email address you provided (this may take a few hours).
When the email arrives, click the verification link contained in it. This will validate your email address and instruct the provider to issue your certificate:
Your new SSL certificate will then arrive by email later in the day.
Outlook may not allow you to access the attached file. If so, highlight all the text between (and including) the BEGIN and END comments:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIEczCCA1sCAQAwgZExCzAJBgNVBAYTAkdCMSEwHwYDVQQIDBhNeSBDb3VudHkv
U3RhdGUvUHJvdmluY2UxEDAOBgNVBAcMB015IENpdHkxGDAWBgNVBAoMD015IENv
--- highlight everything shown here including the BEGIN and END comment lines.
SzfV6e0WirsfUY9Sa1U9Tn9fz6LwbW9KhlDwqsOA7pwILzagjRkWRxSl4vkERpqp
MWUI3V+44i4l84kFTRBiSf1/G1B9WNg4ydpWdo2NX2p2RtL7cKSR
-----END NEW CERTIFICATE REQUEST-----
Copy this into Notepad, and save the file to the desktop as www.mydomain.co.uk.cer (note the .CER file extension). You will see this on your desktop:
Install the SSL Certificate in IIS 7/8
The final part is to migrate the new certificate into IIS and use it for a domain name. Open IIS again and select the Server Certificates function (the same place as at the start of this guide).
Select Complete Certificate Request
Locate the .CER file you created earlier, then provide a friendly name for this (I use the domain name). Optionally, I also chose to store the certificate in the Web Hosting section of the certificate manager.
Press OK, and you will see the certificate listed. Note that if you get an error message here like this:
Failed to Remove Certificate
it may be that a certificate for this domain already exists (e.g. an old, expired version that you are replacing). If so, you need to open the Manage User Certificates function in Windows and remove the old one first.
Apply the SSL Certificate to a Domain Name in IIS
Select the domain name in IIS and click the Bindings link on the right.
Create an entry for HTTPS, and specify your SSL certificate:
Press OK, and IIS will now serve your site over SSL when using the HTTPS protocol.
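The same three stages (request, complete, bind) can also be scripted with certreq and the WebAdministration module. This is an added example, not part of the original tutorial; the site name MySite, the folder C:\certs and the file names are assumptions, and the installed certificate is checked (private key present, 2048 bits or more, not expired) before it is bound.

```powershell
# Added example, not from the original tutorial. Assumed names: site "MySite",
# folder C:\certs, placeholder domain. Run once to create the request, then
# again with -Install after saving the issued certificate as <domain>.cer.
param(
    [string]$Domain   = 'www.mydomain.co.uk',
    [string]$SiteName = 'MySite',
    [string]$WorkDir  = 'C:\certs',
    [switch]$Install
)
$ErrorActionPreference = 'Stop'
$inf = Join-Path $WorkDir "$Domain.inf"
$csr = Join-Path $WorkDir "$Domain.txt"
$cer = Join-Path $WorkDir "$Domain.cer"
if (-not $Install) {
    # Same choices as the wizard: SChannel provider, 2048-bit key, CN = domain.
    @"
[Version]
Signature = "`$Windows NT`$"
[NewRequest]
Subject = "CN=$Domain"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
"@ | Set-Content -Path $inf -Encoding ASCII
    certreq.exe -new $inf $csr
    # Strip trailing carriage returns/spaces before pasting into the issuer's form.
    [IO.File]::WriteAllText($csr, [IO.File]::ReadAllText($csr).Trim())
    return
}

# Pair the issued certificate with the pending private key (machine store).
certreq.exe -accept -machine $cer
# Check what was installed before binding it.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$Domain*" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert)                           { throw "No certificate for $Domain in LocalMachine\My" }
if (-not $cert.HasPrivateKey)             { throw 'Certificate has no private key on this server' }
if ($cert.PublicKey.Key.KeySize -lt 2048) { throw 'Key is shorter than 2048 bits' }
if ($cert.NotAfter -lt (Get-Date))        { throw 'Certificate has already expired' }

# Add the HTTPS binding and attach the certificate by thumbprint.
Import-Module WebAdministration
New-WebBinding -Name $SiteName -Protocol https -Port 443 -IPAddress '*'
(Get-WebBinding -Name $SiteName -Protocol https).AddSslCertificate($cert.Thumbprint, 'My')
```

Setting Exportable to FALSE keeps the private key from being exported out of the server's key store; run the script from an elevated prompt on the web server itself so the key is generated where it will be used.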