Are you trying to install SSL certificate in IIS 7 windows 2008 server?
This guide is for you.
Windows Server 2008 (IIS 7) is one of the widely used, and we are getting many queries regarding SSL installation on it.
You can obtain an SSL certificate for your domain directly from a Certificate Authority (CA). You'll then have to configure the certificate on your web host or on your own servers if you host it yourself.
In this context, we shall look into how to configure SSL Certificates on your Server.
More information about IIS ?
Internet Information Services(IIS) is a web server that runs on the Microsoft .NET platform on the Windows OS.
It's stable and versatile, and it's been widely used in production for many years.
IIS 7 and above are the product name used for referring to the versions of Internet Information Services (IIS).
How to generate CSR for installing SSL certificate in IIS 7 ?
Recently, one of our customers approached us with the request to install an SSL Certificate in the IIS 7 Windows 2008 server.
In order to begin, first, we have to generate CSR.
To do the same, we follow the below steps:
1. Open the IIS manager.
2. Then, select the server node in the treeview and double-click the Server Certificates feature in the list view.
3. Then, from the Actions pane on the top right, we select Create Certificate Request. Now the Distinguished Name Properties dialog box opens.
4. There, we fill in all the details and click OK.
5. The next screen of the wizard will ask to choose cryptography options. The default Microsoft RSA SChannel Cryptography Provider is fine and a key bit-length of 2048.
6. Finally, we specify a file name for the certificate request and save it to a location.
7. At last, using the CSR generated we purchase a Certificate.
Steps to Install SSL certificate in IIS 7 ?
Next is Installing the certificate.
Given are the steps we follow to perform the installation:
1. Firstly, open the ZIP file containing our certificate. Then, save the file our_domain_name.cer to the desktop of the web server we are securing.
2. Next, click on Start >> Administrative Tools>> Internet Information Services (IIS) Manager.
3. Then, click on the server name.
4. From the center menu, we double-click the “Server Certificates” button in the “Security” section.
5. Then, from the “Actions” menu, click on “Complete Certificate Request.” This will open a Complete Certificate Request wizard.
6. Browse our_domain_name.cer file and enter a friendly name.
7. Click “OK” will install the certificate to the server.
8. Once done, our Experts assign that certificate to the appropriate website using IIS.
9. From the “Connections” menu in the main Internet Information Services (IIS) Manager window, we select the name of the server to which the certificate was installed.
10. And, under “Sites,” we select the site to secure with SSL.
11. After that, from the “Actions” menu, click on “Bindings.” This opens the “Site Bindings” window.
12. In the “Site Bindings” window, clicked “Add…”. Which will open the “Add Site Binding” window.
13. Under “Type”, choose https. T. The “SSL Certificate” field should specify the certificate that was installed in the step before.
14. Click "OK.”
15. Hence, the SSL certificate is installed, and the website configured to accept secure connections.
Common errors encountered when performing SSL certificate in IIS 7 ?
Here, you will see how to fix a few errors we may come across during these processes.
i. Cannot find the certificate request associated with this certificate file.
This error occurs when we try to install a certificate using Microsoft Internet Information Services (IIS) 7.0 Manager.
We may come across either of these messages:
Error message 1:
Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created.
Error message 2:
There was an error while performing this operation
Details: CertEnroll::CX509Enrollment::p_InstallResponse: ASN1 bad tag value met.
The certificate is installed correctly despite the error message.
This issue occurs because the IIS Manager performs a lookup operation to look for a friendly name of the certificate during the installation.
However, the code that performs this lookup operation misses this specific case, and it does not know how to retrieve the friendly name of a certificate in a PKCS#7 file. That is why the lookup operation fails, and we receive the error message.
To resolve this problem, add a friendly name to the certificate:
1. Select Start >> Run, certmgr.mmc >> OK.
2. Select File >> Add/Remove Span-ins >> Certificates >> Add >> OK.
3. Then select Computer account >> Next >> Finish >> OK.
4. Expand Certificates (Local Computer), and Personal, and then Certificates.
5. Right-click the certificate, and then select Properties.
6. Edit the Friendly name field.
ii. The request or private key cannot be found
While installing an SSL certificate using IIS 7.0, we may also receive the error:
The request or private key cannot be found . The request or private key cannot be found
An incorrect certificate or server mismatch can cause this error.
In such a case, make sure we use the correct certificate and that we are installing it to the same server that we generated the CSR on.
However, if we are sure of those two things, we may just need to create a new Certificate Request and reissue/replace the certificate.