SSL Creation and Installation for IIS

Owned by Jeremy Kramer
Last updated: Dec 14, 2020
2 min read

For setting up an SSL Certificate in IIS using MMC

Step-by-step guide

Creating the CSR on the server:

  1. Go to start and type in MMC → right click and run as administrator
  2. File → Add/Remove Snap-in
  3. Choose Certificates in the Available snap-ins and click on "Add"; Click ok; Choose Computer Account and then Local Computer in the next screen; Finish
  4. Expand Certificates to Personal → Certificates and click on Certificates
  5. In the main screen, right click → All tasks → Advanced Operations → Create Custom Request...
  6. Choose Proceed without enrollment policy; No Template and PKCS #10; Click on Details then Properties in the Custom request
  7. Subject Tab enter the following
    1. Common Name: address for the server (example:  collss-dev16.ads.carleton.edu)
    2. Organization: Carleton College
    3. Organizational Unit: ITS
    4. Street Address: One North College Street
    5. Locality: Northfield 
    6. State: MN
    7. Country: USA
  8. Private Key Tab select the following
    1. Cryptographic Service Provider
      1. RSA, Microsoft Software Key Storage Provider
    2. Key Options
      1. Key Size: 2048
      2. Check "Make private key exportable"
    3. Select Hash Algorithm
      1. Choose sha256
  9. Choose where to save the Certificate Signing Request you've just set up

Creating the Cert

We use InCommon

  1. https://cert-manager.com/customer/InCommon?locale=en
  2. Go to the Certificates tab;  Click on Add
  3. Manual create of CSR
  4. Paste the CSR that was generate in the file from the previous step
  5. Verify information is correct
    1. Certificate Type: InCommon SSL (SHA-2)
    2. Certificate Term: 2 years (currently this is the longest period of time but choose longer if available)
    3. Server Software: This may change but if generated in IIS then choose Microsoft IIS 5.x and later.  This is specific to where the cert will be used
    4. Next; Decide if the cert should be auto renewed; Ok
  6. Find the Cert you just created in the list, selected it and Approve.
  7. Once approved, selected it and click on Details
  8. Download the Cert: X509 Base64 PKCS#7, PEM encoded

Installing the Cert

  1. Go back to MMC → Personal → Certificates
  2. Right click, All tasks → Import...
  3. Browse to the cert file you downloaded from InCommon
  4. Place all certificates in the following store: Personal
  5. Finish

At this point you can go into IIS.  For the website you need the cert, click on Bindings and create a https binding.  Select the cert you just created from the drop down list