This post is gonna guide you step by step how to request, install or renew the expired certificate on IIS 7 especially on Active Directory.
Create and Generate Certificate
Open The IIS Manager from Start Menu –> Administration Tools –> Internet Information Server (IIS) Manager
Click your server name and see on the middle panel. Found “SSL Certificate” icon , then open it..
(You can see in the picture below)
On the right panel , select “Create Certificate Request” link…….
You need to fill with the detail like in the picture then press next button..
|Note : some program that using this IIS, required a correct name (like CRM , need site name as a certificate name list on the IIS) of the certificate and the credential. So, be sure everything is on the right place.|
on the Cryptographic Service Provider, choose “Microsoft RSA SChannel Cryptographyc Provider” and on Bit Length , choose value “2048”
Your gonna need place the certificate request file using “…” button. so you can easily find it and used it to request certificate on certsrv.
When you open the certificate server and receive any security warning like picture below, check ” in the future, do not show this warning” and the press OK.
Login using your account.
|your account must be at least have domain admin rights to do this. |
After you login , a welcome screen will appear like picture below
Next, what you need to do is select “Request a certificate”
Select “advanced certificate request”.
Select “Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file”.
Open the txt file for certificate request files using notepad that early you save from request on IIS and mark all using CTRL + A and CTRL+C.
Paste the the request file from notepad to the saved request windows like picture below, after that click next (sorry I forget to capture security warning, but you just need to click “yes” button so the certificate server will generate a valid certificate for your IIS. and then, you can download the certificate with 2 option format (DER or 64 or what it is
Next step is you go back to IIS Manager and select “Complete Certificate Request…”
on file name containing bla.. bla.. Go to the place where you put the generated certificate from certificate server and name it match to your site name you want to put this SSL certificate.
You have to bind this certificate to IIS by going to default web site , right klik and select “Edit Bindings…”
Select “http” type with “443” as a port number the click Edit..
on the SSL Certificate, select certificate that you make early..and click OK (if you wasn’t sure about name of the certificate you generate back then , you can click view to make sure) .