Hosting websites on a Windows server using IIS (Internet Information Services) is painful in 2024 for a new developer. The technology is so old that the people who know how to use it are very proficient in it, while the documentation is very limited and assumes you already know a lot of the stuff beforehand, which makes it difficult for new developers like me to actually get things working without hitting a roadblock. One such issue is setting up https for your website by binding your SSL certificates.
SSL certificates prove that the website you’re connecting to genuinely owns the registered domain name, helping ensure secure, encrypted communication between the user and the correct server.
When my previous SSL certificate expired, I went and bought the same SSL I had earlier without skipping a beat. But you might want to decide what type of SSL certificate you should purchase based on your future requirements. The most common options are:
- Single-Domain SSL: Secures a single domain (e.g., techknowhow.club).
- Wildcard SSL: Secures a domain and all its subdomains (e.g., *.techknowhow.club).
- Multi-Domain (SAN) SSL: Secures multiple specified domains or subdomains in one certificate.
I did not plan on this, which is why I ran into a problem shortly after setting up the SSL for techknowhow.club.
Let us now look at how to actually do this. First, we need to generate a CSR code on our IIS server, which will be used to create the SSL certificate. You can also create the SSL certificate by generating a CSR code from the SSL provider directly, but I would not recommend that approach.
Generating CSR code on IIS server
You need to go to the server panel in your IIS and go to Server Certificates. Create a Certificate Request from the top right panel.
Enter your details, select 2048 bits for the encryption, select the path where you want to create the certificate request, and name the file.
On completion, a .txt file will be created at the defined location whose contents look somewhat like this.
-----BEGIN CERTIFICATE REQUEST-----
. . . . . . .
-----END CERTIFICATE REQUEST-----
Copy the entire contents of this file and use this as the CSR code while creating the SSL certificate from any SSL provider like GoGetSSL or ZeroSSL.
Validate your SSL Certificate
Now your SSL certificate will be generated, but you still need to validate that the domain name also belongs to you. There are multiple ways you can choose to validate this; the easiest I find is the validate-using-DNS option.
Validate by creating a DNS record
You will be provided a DNS record by the SSL provider, which you need to create through the service that handles your domain/DNS. For me it's GoDaddy, so I simply log on to GoDaddy and create a DNS record.
Generally you would have to create a DNS record of the type CNAME with the given target and host. You are not required to enter your domain name anywhere. Also feel free to keep a custom TTL (time to live); I keep mine at 600 seconds, which is the lowest GoDaddy allows.
Once this is done validate the DNS record from your SSL provider’s portal, and you should have your SSL certificate in minutes.
Installing the Certificate
Now add this certificate to the same path which you defined while creating the certificate request. Make sure you do not move the files around. I had the genius idea of organizing my old certificate files and new certificate files in 2 different folders after creating the certificate request, which meant that when I wanted to complete the certificate request my path wasn't the same, which caused IIS to reject my certificate every time.
So the way this works is that when you create a certificate request through IIS it creates:
- CSR code
- Private key
The private key is stored on the server and is associated with the CSR code, and with any request that uses the same path and the same CSR code.
Now we need to complete the certificate request. To do this, move your SSL certificate to the same folder as your CSR code and, in IIS, choose Complete Certificate Request. If the CSR code doesn't match the private key, or the SSL certificate does not match the CSR code, the certificate will be rejected.
Binding the SSL Certificate to your website
Now choose your website from the section on the left in IIS and click on Bindings. If you already have https bindings, edit them, or create a new binding using https. Make sure you select the same SSL certificate here which you have just created. I would recommend deleting the old certificates from IIS to avoid confusion.
Simply restart your server once this is done and you should be good to go!
My Mistake
After configuring SSL for techknowhow.club, I went and tried to add the same certificate for my subdomains like codeclip.techknowhow.club, which is when I realised that you need a different type of SSL certificate altogether for this, and those are expensive. Another alternative to the expensive multidomain or wildcard SSL certificates would probably be to just buy another domain SSL certificate. This works only if you have only a few subdomains; otherwise this would become more expensive than buying a multidomain or wildcard. Generally domain SSLs are cheaper than the other options. Another option is to use a free SSL certificate; however, those have a much shorter validity period of only 90 days. But they might just be a really good option for maybe a hackathon project or a capstone project.
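A check to run on the IIS server after completing the certificate request and before editing bindings, added here as an example and not part of the original post: for each installed certificate it reports whether the private key is present, how many days remain, and which of the hostnames you plan to serve it does not cover. It assumes the certificate was installed into the Local Computer Personal store (Cert:\LocalMachine\My); the function name Test-NameCoversHost and the $hostsToServe list are illustrative.

```powershell
# Added example. Run in an elevated PowerShell session on the IIS server.

# Returns $true when one certificate name covers one hostname.
# A wildcard stands for exactly one label, so *.techknowhow.club covers
# codeclip.techknowhow.club but neither techknowhow.club nor a.b.techknowhow.club.
function Test-NameCoversHost {
    param([string]$CertName, [string]$HostName)
    $c = $CertName.ToLowerInvariant().TrimEnd('.')
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    if ($c -eq $h) { return $true }
    if (-not $c.StartsWith('*.')) { return $false }
    $dot = $h.IndexOf('.')
    if ($dot -lt 1) { return $false }
    # Drop the host's first label and compare the remainder with the wildcard's base name.
    return ($h.Substring($dot + 1) -eq $c.Substring(2))
}

# Hostnames you intend to bind (the two names used in the post).
$hostsToServe = 'techknowhow.club', 'codeclip.techknowhow.club'

# Assumption: certificates live in the Local Computer "Personal" store.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert  = $_
    # DnsNameList holds the DNS names the certificate was issued for.
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

    $notCovered = @($hostsToServe | Where-Object {
        $h = $_
        -not ($names | Where-Object { Test-NameCoversHost $_ $h })
    })

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        # IIS can only serve https with a certificate whose private key is on this server.
        HasPrivateKey = $cert.HasPrivateKey
        DaysLeft      = [int]($cert.NotAfter - (Get-Date)).TotalDays
        Names         = $names -join ', '
        NotCovered    = $notCovered -join ', '
    }
} | Format-List
```

A single-domain certificate for techknowhow.club will list codeclip.techknowhow.club under NotCovered, which is the situation described in "My Mistake".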