Windows Server 2008/2012/2016 (IIS 7/7.5 – IIS 8/8.5) Binding Instructions

To learn how to assign/bind an already installed SSL Certificate to a IIS website perform the following. Assign and Bind the SSL certificate to your web site: Click Start > Administrative Tools > Internet Information Services (IIS) Manager. Browse to your server name > Sites > Your SSL-based site. In the Actions pane, click Bindings… In the Site Bindings window, If there is no existing https binding, choose Add and change Type from HTTP to HTTPS. Note: If there is already a https binding, select it and click Edit. From the SSL Certificate drop down, Specify a  Friendly Name for the SSL certificate that will be used for this site. Click OK. Congrats you have configured your website to work […]

Read More

How To Move An SSL Certificate From Windows To Sonicwall NSA

Windows servers use .pfx/.p12 files to contain the public key file (SSL Certificate) and its unique private key file. You need both the public key and private keys for an SSL certificate to work properly on any system. If you need to transfer your SSL certificate from one server to another or store it someplace for safe keeping you need to create a .pfx backup.  Dell Sonicwall systems have the capability to import a pfx file generated from windows. To backup, export, and move an SSL certificate from a Windows Server to SonicWALL with its private key perform the following steps. Step 1:  Create an MMC Snap-in for Managing Certificates on the IIS 8 system: Start > run > MMC. Go […]

Read More

Microsoft Server 2016 – IIS 10 & 10.5 – CSR Instructions

To generate a Certificate Signing Request (CSR) for Server 2016 – IIS 10 & 10.5 you will need to create a key pair for your server the public key and private key. These two items are a digital certificate key pair and cannot be separated. On Windows type systems like Microsoft Server 2016 – IIS 10 & 10.5 PFX/PKCS12 requests are made, and are stored on the system. The private key will remain hidden on the windows system where the CSR request is made. To generate a CSR on Windows Server 2016 – IIS 10 & 10.5 perform the following. Step 1: Generating your CSR: Choose Start > Administrative Tools > Internet Information Services (IIS) Manager. In the IIS Manager […]

Read More

Microsoft Server 2016 – IIS 10 & 10.5 – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. This is because your private key will always be left on the server system where the CSR was originally created. With Microsoft like Microsoft Server 2016 – IIS 10 & 10.5 the private key is hidden away and will only appear once the CSR request has been completed. Your SSL certificate will not work without this private key file. We will assume that this is the original system. To Install your SSL certificate on Windows Server 2012 – IIS 8 & 8.5 perform the following. Step 1: Picking up your SSL Certificate: If you had the option […]

Read More

How To Enable Or Import A Root Certifciate In Windows Systems Using MMC.

Depending on the circumstance you may be getting mixed results of browser certificate trust or for whatever reason are experiencing an issue with Cross Root Certificates or warning of not fully trusting a chaining root. Cross Root Certificate where used back in the day by some Certificate Authorities to help certificate trust to older outdated server systems, but due to liability of allowing certificate trust to these systems that practice is no longer practiced. SSL Certificates are now used to modernize and update industry standards not give loop wholes around staying secure. To bypass a Cross Root Certificate warning it is a matter of making sure a new updated root is installed on the system in question and that all purposes […]

Read More

How to Export a Certificate From Internet Information Services (IIS) Manager.

Depending on the situation you may have to install your SSL Certificate on multiple systems. Since no SSL Certificate will work without it’s private key this scenario is based on the CSR being generated from an IIS system and the SSL Certificate has already been installed back into the system.. This will give you a PFX file that you can then perform a binding with to a website on the system or more importantly Export as a PFX/p12 file used to be imported into other server systems with pfx capability. Note: This method of of exporting the SSL Certificate with its private key off an IIS system will not append any Intermediate Chain certificates that go along with the SSL Certificate […]

Read More

Troubleshooting: Host headers in Microsoft Server 2008 IIS 7.0 & 7.5

Depending on your environment you may have the following Issues: Website A is coming up as website B. Unable to assign a certificate due to another website using the same IP or Port. Host Name when binding the certificate is grayed out. Using Host Headers requires that the following conditions are met: You must be using either a Wildcard or a SAN certificate The website address being used must meet the following. Include as a SAN value on the certificate. The Common Name (CN) of the certificate Be Covered by a wildcard Only one certificate can be used for a given IP address and port combination The friendly name of the certificate must have the wildcard * attribute in order […]

Read More

How to move certificate from Windows to Citrix Netscaler.

Windows servers use .pfx/.p12 files to contain the public key file (SSL Certificate) and its unique private key file. The Certificate Authority (CA) provides you with your SSL Certificate (public key file). You use your server to generate the associated private key file where the CSR was created. You need both the public key and private keys for an SSL certificate to work properly on any system. Windows uses the pfx/p12 file to contain these two keys; therefore, if you need to transfer your SSL certificate from one server to another or store it someplace for safe keeping you need to create a .pfx backup. Citrix Netscaler is an Apache type system that uses pem/x509 certificate formates for encryption and […]

Read More

Server 2003 IIS 6 – CSR Instructions for Renewals

To generate a Certificate Signing Request (CSR) for Server 2003 – IIS 6 you will need to create a key pair for your server the public key and private key. These two items are a digital certificate key pair and cannot be separated. On Windows type systems PFX/PKCS12 requests are made, and are stored on the system. The private key will remain hidden on the windows system where the CSR request is made. Note: All certificates issued by a Certificate Authority must be SHA2/SHA256 algorithm due to industry standards by governing entities. IIS 6 Server 2003, has been known to not understand this Algorithm.  Installing a SHA2 certificate on your outdated system may not work. You may have to contact Microsoft […]

Read More

Server 2003 IIS 6 – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. This is because your private key will always be left on the server system where the CSR was originally created. With Microsoft systems the private key is hidden away and will only appear once the CSR request has been completed. Your SSL certificate will not work without this private key file. We will assume that this is the original system. To Install your SSL certificate on Windows Server 2003 – IIS 6 perform the following. Step 1: Picking up your SSL Certificate. If you had the option of server type during enrollment and selected Microsoft you will receive a […]

Read More