Tuesday, 26 June 2012

How to get a new SSL certificate for your website

The tutorial below on obtaining SSL certificates walks you through a task that Support Specialists like Terri regularly perform for our Windows Cloud Server and Dedicated Windows Server clients that are set up on our Complete Care Managed Services (CCMS).

I am asked quite often how to request an SSL certificate for a website. I decided to blog about this as a way to help the new web administrator get started with obtaining an SSL certificate when that functionality is requested.

There are multiple steps required to request, obtain and install a new SSL certificate on your website. For this walkthrough, I will cover the steps necessary to complete this process in IIS7.

The first step is to generate a Certificate Signing Request (CSR). This is done via Internet Information Services (IIS) Manager. The second step is to submit the CSR to a Certificate Authority. There are quite a few companies that perform this service including Symantec, Thawte, and GeoTrust. The last step is the completion of the request within IIS Manager that installs the certificate on your server. Once each of these steps is completed, you are set to configure your website using SSL to protect yourself and your customers.

The first step requires you to generate a CSR. This file is an encrypted document that contains information about the SSL certificate that you would like to obtain. To start this process, open IIS Manager and select your server name from the Connections Window. This will open the features available on your IIS instance in the Features View window on the right.

Double-click on Server Certificates, which will open another window within the Features View frame. Click on Create Certificate Request in the Actions menu on the right side of the application. This will open a wizard that is used to gather the information for the request. For simplicity's sake, you should always enter the domain name that you would like to generate the CSR for as the Common name. All of the fields must be completed before you can continue within the wizard. The one that stumps most people is the Organizational unit. This can be anything. OrcsWeb usually specifies Internet.

After clicking Next, you are prompted for the Cryptographic service provider and bit length information. The provider should be left as Microsoft RSA SChannel Cryptographic Provider and the bit length should be changed to 2048 for most implementations. Some Certificate Authorities no longer issue certificates with a 1024-bit key length, which is the default. Click on Next, then specify a filename for the request and click Finish.

You are now ready to submit your CSR to the Certificate Authority of your choice. When the request has been processed, the Certificate Authority will provide you with the file necessary to complete the request on your server.

Once you have received the response file from the Certificate Authority, it is time to complete the request process. Log back on to the server where you generated the CSR. Open IIS Manager and click on the server name in the Connections box on the left. In the right-hand window, double-click on Server Certificates. Click on Complete Certificate Request…

Navigate to the folder where you saved the response from the Certificate Authority. Enter the requested domain name in the Friendly name: input box.

Click OK and the request will be completed and the certificate will be installed. You are now ready to bind your website to the SSL port 443 and assign your new certificate.

Click on the [+] sign by Sites to expand the list of websites on your server. Select your site name by clicking on it. Click on Bindings in the Actions pane.

Click on Add in the Site Bindings window. Change the Type: to https and click on the dropdown arrow in the SSL certificate box. Select your domain name and click OK.

Your website is now ready to serve SSL encrypted data via the Internet to your customers. This process is slightly different if you are using a different web server but the general concepts are still the same.
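The request and completion steps above can also be scripted with the built-in certreq and certutil tools, which makes the 2048-bit setting checkable before anything is sent to the Certificate Authority. This is an added example, not part of the original post; the domain, the O/L/S/C subject fields, the C:\certs folder and the file names are placeholders.

```powershell
# Added example, not from the original post. Placeholder values: www.example.com,
# the O/L/S/C subject fields, C:\certs and the response file name.
$domain   = 'www.example.com'
$workDir  = 'C:\certs'
$inf      = Join-Path $workDir 'request.inf'
$csr      = Join-Path $workDir 'request.csr'
$response = Join-Path $workDir 'response.cer'   # file returned by the CA

if (-not (Test-Path $csr)) {
    # Same choices as the wizard: Common name = domain, OU = Internet,
    # Microsoft RSA SChannel Cryptographic Provider, 2048-bit key.
    $lines = @(
        '[Version]',
        'Signature = "$Windows NT$"',
        '[NewRequest]',
        "Subject = `"CN=$domain, OU=Internet, O=Example Corp, L=City, S=State, C=US`"",
        "FriendlyName = `"$domain`"",
        'KeySpec = 1',
        'KeyLength = 2048',
        'MachineKeySet = TRUE',
        'ProviderName = "Microsoft RSA SChannel Cryptographic Provider"',
        'ProviderType = 12',
        'RequestType = PKCS10'
    )
    Set-Content -Path $inf -Value $lines -Encoding ASCII

    # Generate the key pair in the machine store and write the CSR.
    certreq.exe -new $inf $csr
    if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

    # Check before submitting: confirm the request carries a 2048-bit key.
    # Assumes English certutil output ("Public Key Length: 2048 bits").
    $dump = certutil.exe -dump $csr | Out-String
    if ($dump -notmatch 'Public Key Length:\s*(\d+)') { throw 'Key length not found in CSR dump' }
    if ([int]$Matches[1] -lt 2048) { throw "Key is only $($Matches[1]) bits" }
    Write-Output "CSR ready to submit: $csr"
}
elseif (Test-Path $response) {
    # Run on the same server that generated the CSR: the private key lives
    # there, and -accept pairs the issued certificate with it.
    certreq.exe -accept $response
    if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }
    Write-Output 'Certificate installed; bind it to port 443 in IIS Manager.'
}
else {
    Write-Output "Waiting for the CA response at $response"
}
```

Run it once from an elevated prompt to produce the CSR, then again after saving the CA's response file to install the certificate.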
