Knowledgebase

✅ Pre-Requisites

• A valid SSL Certificate (usually .pfx, .crt, and .key files from CA).

• IIS installed on the server.

• Access to IIS Manager as an Administrator.

Step-by-Step SSL Installation Process in IIS

Step 1: Import the SSL Certificate to the Server

If you have a .pfx file:

1. Open MMC (Microsoft Management Console) → Run > mmc

2. Add Certificates snap-in (Local Computer).

3. Right-click Personal > Certificates → All Tasks → Import.

4. Browse and import the .pfx file.

5. Enter the password for the private key and mark it as exportable.

6. Complete the wizard.

Step 2: Bind the Certificate in IIS

1. Open IIS Manager (inetmgr).

2. Select the correct website under Sites (usually "Default Web Site" or your custom site).

3. In the Actions panel (right side), click on Bindings.

4. Click Add (or Edit if SSL already exists):

   • Type: https

   • IP address: All Unassigned or specific IP

   • Port: 443

   • SSL Certificate: Select the certificate you just imported

5. Click OK to save.

Step 3: Test the SSL Installation

• Open a browser and visit: https://yourdomain.com

• Ensure no certificate errors show.

• Use tools like SSL Labs (https://www.ssllabs.com/ssltest/) to verify the SSL installation and grade.

Optional Configurations (for security best practices)

Force HTTPS Redirect:

1. Select the website in IIS.

2. Open HTTP Redirect.

3. Enable "Redirect requests to this destination" → Enter https://yourdomain.com

4. Check "Only redirect requests to content in this directory" and "Status code: 302 Found" (or 301 if permanent).

5. Or use URL Rewrite module to enforce HTTPS.

Disable Weak Protocols (Optional but Recommended):

• Use IIS Crypto tool to disable SSL 2.0/3.0 and enable TLS 1.2/1.3.

• Registry changes can also be made, but proceed cautiously.

Files Format Conversion (if needed)

• Convert .crt and .key to .pfx using OpenSSL:

  bash

  CopyEdit

  openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt