In this article, we will explain detailed steps about configuring your web application with a trusted SSL Certificate. We have taken the example of SSL Certificate Configuration for our website domain name appdec.com. You need to use your domain name.
The configuration of the SSL certificate has three main steps:
- Create Certificate Request
- Generate the primary key for that request
- Complete Certificate Request
Create Certificate Request
Open Internet Information Services (IIS), Manager Start > IIS find Server Certificates like in figure 1.0
In the right side of the window find Create Certificate Request, look figure 1.1
In this step you have to fill some information about your company.
And then click NEXT to continue with the certificate request. In Cryptographic service provider don’t change anything, after this, you have to choose the Bit length based on the certificate you bought, in our case we have a certificate with 2048 bit length.
And then click NEXT to continue. In the last steep to complete certificate request, you have to choose the directory and have to specify a file name for the certificate request. After this click FINISH to finish the request.
Generate Primary Key
After generating the certificate request CSR, the next step is generating a private key for that certificate.
To do so, you will need to open MMC Certificates snap-in in the following way:
Win + R > mmc.exe > OK > File > Add/Remove Snap-in > Certificates > Add > Computer account > Next > Local computer > Finish > OK
Then navigate to Certificate Enrollment Requests > Certificates (if the certificate request was not completed) or Personal > Certificates (if the certificate request was already completed) folder.
In next step to complete the primary key of the certificate right-click on the certificate entry and click All Tasks > Export to open the export wizard.
Choose “Yes export the primary key” and click NEXT, look fig 1.10
Follow the example like in figure to continue
Write one password and don’t forget it, you will need it in the next steps.
Choose the directory to save the primary key of the certificate, you have to save it in the same folder when you have the certificate request file (recommended).
If you didn’t save the primary key in the same folder of the certificate request file you have to move it to your certificate request folder.
To verify that you have generated the private key successfully go to IIS Manager > Server Certificates > Right Click > View
If you see the message “You have a private key that corresponds to this certificate” you completed this step successfully.
The next step is opening your certificate request file and copying its content which you will need later to make the request from your SSL provider.
Next step is to login with your account at the website of your SSL’s provider (e.g. comodo.com) and then find the option to issue the certificate.
It will look something like this, like Fig.1.17
In the “Certificate Signing Request” field paste the Certificate Request code you copied earlier.
At the SAN field write the domain you want to configure SSL for (e.g. appdec.com) and click Get Approval Email.
After this step, you will be asked to put your email in which you want to receive your confirmation email.
Click Add and then click Issue Certificate.
You will then receive an email to the email address that you provided
After you confirm your request, another email containing the certificate files will be sent to your email.
The files should look something like this:
Complete Certificate Request
Now, go to IIS Manager > Server Certificates > Complete Certificate Request.
Then, select the directory containing those files you received via email, and give your certificate a friendly name (e.g. appdec.com) and click OK.
In the list of your certificates, now, you should be able to see your completed certificate.
The next step is to go to your application > right click > Edit Bindings.
Then go Add > Select https > Select your completed certificate > OK.
Congratulations, your application is now configured with a trusted SSL certificate.