Forum Discussion
Help to configure IIS with SSL
Hello...
I am starting out in Windows Server administration at a new company. They have asked me to configure SSL certificates for two intranet sites they host in Internet Information Services. I suggested buying some certificates and creating names for each site, as they currently connect like this: http://Ip server:port (each site has its own port, of course). They told me no, I should use the functionality of Windows Server, as this is only for employee connections and there is no need to incur an expense. What they do not want is for the unsecured-site warning to be displayed to employees.
I have followed tutorials, Microsoft documentation, creating a certificate authority, self-signed certificates, etc.
I need help, please, from someone who has implemented this and has a tutorial, a link, or whatever I can use to do what I am being asked to do.
- Alikoc (Iron Contributor)
Hello,
First of all, congrats.
You can follow the steps below.

Steps to Configure IIS with SSL:

1. Generate a Self-Signed Certificate
   - Open IIS Manager on the server.
   - In the Connections pane, click on the server name (root level).
   - Double-click on Server Certificates.
   - In the Actions pane (right-hand side), click Create Self-Signed Certificate.
   - Provide a friendly name for the certificate (e.g., IntranetSiteCert).
   - Select the Personal certificate store and click OK.
2. Bind the Certificate to the IIS Site
   - In IIS Manager, expand the Sites node and select the intranet site.
   - In the Actions pane, click Bindings.
   - In the Site Bindings window, click Add.
   - Choose https as the type, select the self-signed certificate created earlier, and specify the appropriate IP address and port.
   - Click OK, then close the Site Bindings window.
3. Enable HTTPS in the Firewall
   - Ensure that port 443 (HTTPS) is open in the Windows Firewall to allow secure connections.
4. Distribute the Certificate to Users
   Since the certificate is self-signed, employees' devices will not trust it by default. To avoid security warnings:
   - Export the self-signed certificate:
     - Open MMC (Microsoft Management Console) and add the Certificates snap-in for the Computer account.
     - Navigate to Certificates (Local Computer) > Personal > Certificates, find your self-signed certificate, and export it as a .CER file.
   - Distribute the .CER file to employees.
   - Instruct employees to install the certificate in the Trusted Root Certification Authorities store:
     - Open the .CER file, click Install Certificate, and choose to place it in the Trusted Root Certification Authorities store.
5. Redirect HTTP to HTTPS (Optional)
   If you want to ensure all traffic is encrypted, set up a redirect from HTTP to HTTPS:
   - In IIS Manager, select the intranet site.
   - Double-click HTTP Redirect.
   - Check Redirect requests to this destination and specify the HTTPS URL.
   - Check Redirect all requests to exact destination and choose Permanent (301).
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
- Jorge075 (Copper Contributor)
Hi Alikoc.
Thanks for the prompt reply and detailed steps. I have followed everything step by step, but the certificate warning is still displayed.
I was trying from another server within the network and it gets the same error. I don't know what I am doing wrong.
- m4k9 (Copper Contributor)
You have to include the IP address in the Certificate Subject Alternative Name field in the certificate. There are additional steps between generating the self-signed certificate in IIS and binding the certificate to a site.
Copilot prompt: How to create and export a self-signed certificate in IIS to include the IP address 192.168.3.22 in the Certificate Subject Alternative Name field
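
Added example, not part of the original thread: one way to create the certificate with the IP address in the Subject Alternative Name, confirm the SAN is present, export the public certificate, and bind it. The IP address is the one quoted above; the site name, port and export path are assumed placeholders, and the script assumes Windows Server 2019 or later (for `New-IISSiteBinding`) and an elevated session.

```powershell
# Added example. Values marked "assumed" are placeholders, not from the thread.
# Run in an elevated PowerShell session on the IIS server.
$ip       = '192.168.3.22'                 # IP address quoted in the thread
$siteName = 'IntranetSite1'                # assumed IIS site name
$port     = 8443                           # assumed HTTPS port for this site
$cerPath  = 'C:\Temp\intranet-site1.cer'   # assumed export path (folder must exist)
$store    = 'Cert:\LocalMachine\My'        # the computer's Personal store

# Create the certificate with the IP address in the SAN extension (OID 2.5.29.17).
# Browsers match an IP-based URL against SAN IP entries, not against the subject CN.
$params = @{
    Subject           = "CN=$ip"
    TextExtension     = @("2.5.29.17={text}IPAddress=$ip")
    CertStoreLocation = $store
    KeyAlgorithm      = 'RSA'
    KeyLength         = 2048
    NotAfter          = (Get-Date).AddYears(1)
}
$cert = New-SelfSignedCertificate @params

# Check the SAN before binding, so a certificate without the IP entry is caught here
# rather than as a browser warning later.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $san -or $san.Format($false) -notmatch [regex]::Escape($ip)) {
    throw "Certificate $($cert.Thumbprint) has no SAN entry for $ip"
}
Write-Output "SAN: $($san.Format($false))"

# Export the public certificate only (no private key) for distribution to clients.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Bind the certificate to the site on the chosen port.
Import-Module IISAdministration
New-IISSiteBinding -Name $siteName -BindingInformation "*:${port}:" -Protocol https `
    -CertificateThumbPrint $cert.Thumbprint -CertStoreLocation $store

# On each client (elevated), the exported file is then trusted with:
#   Import-Certificate -FilePath <path to .cer> -CertStoreLocation Cert:\LocalMachine\Root
```

Each site reached at a different IP address needs that address in its certificate's SAN; two sites on the same IP and different ports can share one certificate.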
- Jorge075 (Copper Contributor)