An SSL Certificate is a Private/Public Key pair that is provided and certified by a trusted partner. The Private Key part of the certificate is installed on the server and the public key part is downloaded by the clients.
Generation of SSL Certificate in IIS7
An SSL Certificate can be generated by following the below steps:
Step 1 – Purchase an SSL Certificate from a certifying authority, like Comodo. This only ensures that you have a place where you can request a certificate of the type that you purchased. The certificate itself still needs to be requested separately.
Step 2 – Generate a CSR file using the steps described here. This will generate a text file which will need to be uploaded to the Certificate Provider’s portal (you should get the login to this from Step 1).
Step 3 – Download the certificate (.cer) file from the Certificate Provider account. This may also be sent across by the provider in an email.
SSL Certificate Deployment on IIS7
Installation on the same server from which CSR was generated
Once you have the certificate file, you will need to install it on the IIS server. The instructions to do this can be found here. A few notes need to be kept in mind:
1. This will allow you to install the certificate only on the server from which the CSR was generated. Look below for instructions on installing the certificate on a different server.
2. Sometimes the IIS7 installation of the certificate shows the error – “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created.” when you are trying to install the certificate on the same system from which you generated the CSR. In this case you need to click “cancel” and just refresh the certificate store to see the new certificate.
Installation on a server other than the one from which CSR was generated
1. In order to do this, you must first install the certificate on the server from which the CSR was generated. Once this is done, you will find the certificate listed in IIS as shown below.
You need to right-click on the certificate and select “Export”. Then you will be asked for a file name and password. The password can be any password of your choosing, but you will need to make a note of it in order to install the certificate on a different server. This will give you a .pfx file.
2. Now, you will need to copy the .pfx file to the second server.
3. Then you need to import the .pfx file into IIS. In order to do this you need to select the “Import” option as shown below.
4. Here you will need to select the .pfx file copied in Step 2, and provide the password that you set in Step 1.
5. Your certificate will now be imported into IIS. You can set the binding of your website(s) to point to this certificate the same way as you did on the first server.
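The import in steps 2 to 5 can also be scripted and verified from an elevated PowerShell prompt on the second server. This is an added example, not part of the original article: the .pfx path is a hypothetical placeholder, and it uses the .NET X509Certificate2 and X509Store classes instead of the IIS Manager dialog.

```powershell
# Added example: import an exported .pfx on the second server and verify it.
# Hypothetical placeholder path, not a value from the article.
$pfxPath = 'C:\Temp\site-export.pfx'

# Prompt for the export password so it is not stored in the script or history.
$password = Read-Host -AsSecureString -Prompt 'PFX export password'

# MachineKeySet + PersistKeySet: the private key is stored for the machine
# (so IIS can use it) and survives after this process exits.
# "Exportable" is deliberately omitted, so the key cannot be exported again
# from this server.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, PersistKeySet'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $pfxPath, $password, $flags

# A .pfx exported without the private key imports fine but cannot serve HTTPS.
if (-not $cert.HasPrivateKey) {
    throw 'The .pfx has no private key; export it again from the server that generated the CSR.'
}

# Refuse to deploy a certificate that has already expired.
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)."
}

# Add the certificate to the Local Computer "Personal" store, which is the
# store IIS lists under Server Certificates.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
    -ArgumentList 'My', 'LocalMachine'
$store.Open('ReadWrite')
try {
    $store.Add($cert)
}
finally {
    $store.Close()
}

# Print the details to compare against the certificate on the first server.
'Imported {0} (thumbprint {1}), valid until {2}' -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter

# Remove the copied .pfx once the import has succeeded.
Remove-Item -Path $pfxPath
```

The .pfx file carries the private key, protected only by the export password, which is why the script deletes the copied file after a successful import. The thumbprint it prints should match the one shown for the certificate on the first server.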
Conclusion
This should deploy the SSL certificate on your website and your website should now work with the new SSL certificate. However, in case you are using a Load Balancer, you will need to deploy the SSL certificate on the Load Balancer as well. In the next part, I will show how to deploy the SSL Certificate on an AWS Elastic Load Balancer.