Knowledgebase: Cloud VPS - Windows
Obtaining and Installing an SSL Cert on Windows VPS
Posted by Helpdesk Admin on 21 August 2009 01:23 PM
To configure SSL on an IIS website, you need to complete three steps.
  1. Generate a Private Key and Certificate Signing Request (CSR) for your website
  2. Order and obtain your SSL certificate from Irish Domains or other CA.
  3. Install the Cert and any Chained Certs on your server.
Generating a Certificate Signing Request on IIS 6.0
  • Log on to your VPS using Remote Desktop.
  • Open the Internet Information Services (IIS) Manager.
  • In IIS Manager, double-click the local computer, and then double-click the Web Sites folder
  • Right-click the Web site for which you want to request a certificate, and then click Properties. Often it will be Default Web Site, yours may be different.
  • Select the Directory Security tab and click Server Certificate in the Secure communications section.
  • Click Next in the Welcome to the Web Server Certificate Wizard window.
  • Select Create a new certificate, Click Next.
  • Select Prepare the request now, but send it later. Click Next.
  • At the Name and Security Settings screen, fill in the friendly name field for the new certificate (anything memorable).
  • Select the bit length. We always recommend using 2048-bit length. 
  • Leave the 'Select cryptographic service provider (CSP) for this certificate' unchecked. Click Next.
  • Enter your Organization (e.g., ACME Widgets Ltd) and Organizational Unit (e.g., Online Sales). Click Next.
  • Enter your Geographical Information for Country, State, and City. Do not omit States and Cities. Click Next.
  • In the Certificate Request File Name box enter the path and file name where you want to save your CSR. You can use the default of c:\certreq.txt. Remember where you save it, you'll need to be able to find this CSR file later. Click Next.
  • Review the data on the Request File Summary screen. Click Next.
  • Click Finish to complete the Wizard.
  • Locate the generated CSR file and cut & paste the contents into your order form or save locally on your PC.
You can now proceed to order your certificate from Irish Domains, or from another Certificate Authority. You will probably have to approve the request from a standard email address on the domain, and depending on Certificate Type requested, you may have to pass other checks also. When the approval process is complete, you will be sent your new SSL Cert in text format. Additionally, you may be sent one or more intermediate certs in text format.

Installing your new certificate on IIS 6

Assuming that you generated a CSR using the process above, there will be a pending request on the website in IIS which you need to complete. Firstly, you should save the certificate in a text file on your VPS (for example as c:\newcert.txt). Make sure you include everything, expecially the BEGIN and END CERTIFICATE lines and all dashes. Use a simple text editor like Notepad - do not use Word or Wordpad. If there are any intermediate certs supplied, you should also save each of these as separate text files

To install the certificate:
  • Log on to your VPS using Remote Desktop.
  • Open the Internet Information Services (IIS) Manager.
  • In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
  • Right-click the Web site for which you want to request a certificate, and then click Properties. Often it will be Default Web Site, yours may be different.
  • Select the Directory Security tab and click Server Certificate in the Secure communications section.
  • Click Next in the Welcome to the Web Server Certificate Wizard window.
  • Select Process the pending request and install the certificate, Click Next.
  • Browse to locate the newcert.txt file when prompted to locate your web server certificate. Click Next.
  • Verify SSL Port 443 in the SSL Port dialog box.
  • Review the Certificate Summary screen and ensure that you are processing the correct certificate. Click Next.
  • Click Finish to complete the IIS Certificate Wizard.
  • Again, Right-click on the site in IIS and click Properties.
  • Select the Web Site tab. In the Web Site Identification section make sure that your site has an IP address and that the SSL port is 443. Click OK.
Your new certificate is installed, you should verify that you can now access it in a web browser with the https:// prefix and that no errors are seen. The following site provides a good check that your cert is correctly installed:


A very common error message to see is: This certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. This indicates that you have not correctly installed the intermediate certs that are required for your certificate. Use the steps below to fix this.

Other errors may be seen indicating that the cert is expired (perhaps you installed the wrong one, or it really has expired) or that it does not support the common name you used to test it (perhaps you used the wrong domain name, installed the wrong cert, or generated an invalid CSR).
   
Installing Intermediate or Chain Certs

Often your new SSL Cert will be supplied with one or more intermediate certificates. These must be installed on your server in order to ensure that the certificate will display correctly, especially on older browsers. Each intermediate cert needs to be installed only once per server, even if you are running multiple SSL sites. To install an intermediate cert, first save it as a text file on your server (e.g. chaincert.txt).
  • Log on to your VPS using Remote Desktop.
  • Open the MMC Console: Click Start -> Run -> Type "mmc". Click OK
  • Click File and select Add/Remove Snap-in
  • Select Add... & Select Certificates from the Add Standalone Snap-in box. Click Add
  • Select to always manage certificates for the Computer Account. Click Next
  • Select to manage Local Computer. Click Next
  • Close the Standalone Snap-in box, click OK in the Add/Remove Snap-in and return to the MMC
  • In MMC -> Certificates, Right-click the Intermediate Certification Authorities folder & go All Tasks > Import
  • When the Certificate Import Wizard appears, click Next
  • Locate & select the Intermediate Certificate files you saved and click Next
  • When the wizard is completed, click Finish and the intermediate certificate(s) will be installed 
(don't forget to check your SSL site is now working correctly using a tool such as the one above).
 
(298 vote(s))
This article was helpful
This article was not helpful