Installing an SSL certificate is like putting on a bulletproof vest before entering a war zone. Both are essential extra layers of protection. That precious data and day-to-day business on your server is too valuable to gamble with.
Below is a handy guide that will guide you on configuring new certificates on Windows-based servers. The process is quick and straightforward for even beginning administrators. Take things slow and steady, and soon that reassuring green padlock icon will be up in the browser window.
What You Need to Install Imported Certificates on Windows Server
Before starting the process, kindly have each of the following:
- Valid SSL certificate file: You must have a valid .crt, .cer, or .pem file. The SSL should be issued specifically to the domain name of your site. If you do not have one yet, buy wildcard SSL certificate and import it.
- Admin access to the server: You need administrator access to the Windows machine running IIS. Either sign in with an admin account directly or have an admin account ready to elevate privileges when required.
- Operational website: The IIS website or web application should already be configured and working as expected on the Windows server. The SSL certificate will be bound to this site to enable encryption. So, resolve any underlying issues first before moving to secure the site with certificate installation.
Step-by-Step Guide on Installing Imported Certificates on Windows-Based Web Servers
Once you have all the prerequisites and an already imported certificate, follow this guide to the latter:
Step 1: Go to the IIS Manager
The Internet Information Services (IIS) Manager is the tool administrators like you use for Windows servers. This tool allows you to configure settings and manage websites hosted on IIS servers.
To open the IIS Manager:
- Click on the Start menu and search for “Internet Information Services (IIS) Manager”. Select it to launch the console.
- You can also access it from the Windows Administrative Tools folder. Launch your Start Menu, then go to the Control Panel. From here, choose “System and Security,” then “Administrative Tools,” and finally Internet Information Services (IIS) Manager.
- The IIS Manager console will open, displaying connections and websites hosted on the local server by default. You can also connect to remote servers running IIS from here.
Step 2: Select the Target Website
The next task is to navigate to and select the website or web application hosted in IIS that the SSL certificate will be bound to. This should match the common name, often the FQDN, that appears on and is associated with the certificate imported earlier. Follow these mini steps:
- In the left-side navigation pane, click on “Web Sites” to display websites hosted on this IIS instance.
- Browse the list of websites until you locate the one intended to have encryption enabled after importing the certificate.
- Right-click the website and choose “Edit Bindings…”. Review bindings to confirm this is the correct site tied to the certificate. Click Cancel afterwards.
Step 3: Access SSL Settings for the Website
After identifying the specific website to enable SSL on, the next step is to access the encryption and certificate management options for that site. This screen allows you to view currently assigned certificates and import new ones to be bound.
- With the target website still selected in the left pane, click “Properties” in the middle Features View pane.
- Next, navigate to “Directory Security” from the pop-up menu.
- Tap “Server Certificate” and voila, you are done with step 3.
Step 4: Install the Imported Certificate
Once you are done with the above step, you will be taken to a page titled, “ Welcome to the Web Certificate Wizard.” While in this page, follow these mini steps:
- Start by tapping on the “Next” button just on the bottom right side of this page.
- You will be taken to the “Available Certificates” window. Here you will see all the certificates that you have already imported. Tap on the specific one that needs to be assigned on the website in question.
Step 5: Configure the SSL Port
Once you have selected the certificate in question, tap “Next.” This will take you to the SSL Port window. While here, configure the following:
- Change the SSL port number. The default one is 443. It is appropriate in most situations. If it is not in your case, change it to the correct number.
- Review information about the certificate. Check if you have selected the correct certificate. Ensure the SSL port number is correct and all the details. Once you are sure you have everything correct, tap “Next.”
Step 6: Complete the Process
Once you are done with step 5 above, you will be taken to a “Completing the Web Server Certificate Wizard” window. All you need to do is tap on “Finish.” A pop-up will appear; hit your enter button or just select “OK” from the screen.
Step 7: Restart IIS Services
The final step after assigning the imported certificate and configuring encryption bindings in IIS is to restart Windows Server’s IIS services. This allows all the SSL certificate installation changes to fully take effect.
There are various ways to restart IIS services:
- In the IIS Manager console connected to the server, click on the server name in the “Connections Pane.” Choose “Restart” in the Actions pane. This will restart only IIS-related services.
- Alternatively, you can restart all services by rebooting the entire Windows Server machine through the Start menu or Command Prompt/PowerShell with the “shutdown /r” command.
- Restarting IIS services or rebooting the server may take several minutes for a full restart.
Once the server is back up:
- Reopen IIS Manager and access the website to validate the certificate is now correctly shown as bound to the site in SSL Settings
- Try browsing to the website in a few browsers to verify the certificate is trusted, and you see the padlock icon
- Test site functionality to ensure traffic is flowing securely after restart
While enabling SSL has some complexity, taking a methodical approach as outlined in this guide will work for you. The procedure above enables you, as a fairly novice Windows administrator, to augment your security posture. You only need to ensure you have all the prerequisites, open the IIS manager, and follow all the steps outlined to complete the task.