Configuring Free SSL on IIS Server

This article helps you to configure free SSL for a website hosted in IIS. For configuring SSL to any website a certificate has to be purchased from 3rd party authorities like Comodo, Identrust etc. On the other hand, you can also purchase SSL from domain name providers like GoDaddy, Bigrock etc.

There are also free SSL certificate providers like https://www.sslforfree.com, https://zerossl.com/free-ssl/#crt etc. The certificates created using these free providers are valid up to 3 months, Later you can create a new certificate or renew the existing one. In this article, we will be using sslforfree.com for generating CRT certificate and private key and then using CRT certificate and private key we will create PFX certificate which will be imported in to IIS website.

For setting up SSL you need to have a domain or subdomain. It is not possible to setup SSL with IP address.

Step #1: Generating CRT Certificates & Private Key

Go to https://www.sslforfree.com. Enter your domain or subdomain and hit Create button as shown below

We have to verify that the domain/sub-domain belongs to us. I prefer the “Manual Verification” process as shown below

Download the file as shown below

Step #2: Create IIS website & Adding MIME type

Create a website in IIS as shown below

Add a mime type in IIS as shown below

 

Step #3: Verify domain name

We have to verify that the domain/sub-domain belongs to us. For that create .well-known/acme-challenge folder inside the “testssl” website source folder. Windows will not allow you to create folder by name “.well-know” use command prompt to achieve this as shown below

Copy the downloaded file from www.sslforfree.com into the acme-challenge folder. Go back to www.sslforfree.com and click on verification link as shown below

This will open the URL in new window/tab and we will just get a random string along with the downloaded file name

Go back to www.sslforfree.com and follow the below process

The sslforfree.zip consists of the two CRT certificates and private key as shown below

Step #4: Create PFX Certificate

As discussed in the beginning we will use the two CRT and a privatekey file for generating a PFX certificate. For this process download “opensll” tool from this link https://sourceforge.net/projects/openssl/

Using command prompt navigate to “bin” folder inside the downloaded opensll folder and run below command. Change the CRT & PrivateKey path according to your machine. This command will ask for a password, enter any random password and remember it. We need that password while importing the certificate into IIS.

> openssl pkcs12 -export -out “certificate_combined.pfx” –inkey “C:\Users\admin\Downloads\sslforfree\private.key” -in “C:\Users\admin\Downloads\sslforfree\certificate.crt” -certfile “C:\Users\admin\Downloads\sslforfree\ca_bundle.crt”

This will create a PFX Certificate by name “certificate_combined.pfx” in bin folder as shown below

Step #5: Installing certificate_combined.pfx certificate

Double click on certificate_combined.pfx file and follow the below steps

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Step #6: Configuring IIS website with SSL certificate

Below image explains how to configure the website with SSL certificate

Step #7: Enable firewall port 443

Enable 443 port from the firewall as shown below

In case if you are using cloud VMS like AWS, Azure or Google, you have to enable https or 443 port in the respective cloud dashboards.

Step #8: Testing the SSL certificate

As we have verified that the domain/subdomain belongs to us, we can delete the previously created .well-known folder inside IIS website source folder. Place an index.html file in the IIS website source folder and navigate to the URL with https as shown below.

Happy Coding 🙂

Please leave a comment below, and let me know what you think!

Tags :

About the Author

Kishore Ithadi

https://in.linkedin.com/in/kishoreithadi

Leave a Reply