Configuring Free SSL on IIS Server
This article helps you to configure free SSL for a website hosted in IIS. For configuring SSL to any website a certificate has to be purchased from 3rd party authorities like Comodo, Identrust etc. On the other hand, you can also purchase SSL from domain name providers like GoDaddy, Bigrock etc.
There are also free SSL certificate providers like https://www.sslforfree.com, https://zerossl.com/free-ssl/#crt etc. The certificates created using these free providers are valid up to 3 months, Later you can create a new certificate or renew the existing one. In this article, we will be using sslforfree.com for generating CRT certificate and private key and then using CRT certificate and private key we will create PFX certificate which will be imported in to IIS website.
For setting up SSL you need to have a domain or subdomain. It is not possible to setup SSL with IP address.
Step #1: Generating CRT Certificates & Private Key
Go to https://www.sslforfree.com. Enter your domain or subdomain and hit Create button as shown below
We have to verify that the domain/sub-domain belongs to us. I prefer the “Manual Verification” process as shown below
Download the file as shown below
Step #2: Create IIS website & Adding MIME type
Create a website in IIS as shown below
Add a mime type in IIS as shown below
Step #3: Verify domain name
We have to verify that the domain/sub-domain belongs to us. For that create .well-known/acme-challenge folder inside the “testssl” website source folder. Windows will not allow you to create folder by name “.well-know” use command prompt to achieve this as shown below
Copy the downloaded file from www.sslforfree.com into the acme-challenge folder. Go back to www.sslforfree.com and click on verification link as shown below
This will open the URL in new window/tab and we will just get a random string along with the downloaded file name
Go back to www.sslforfree.com and follow the below process
The sslforfree.zip consists of the two CRT certificates and private key as shown below
Step #4: Create PFX Certificate
As discussed in the beginning we will use the two CRT and a privatekey file for generating a PFX certificate. For this process download “opensll” tool from this link https://sourceforge.net/projects/openssl/
Using command prompt navigate to “bin” folder inside the downloaded opensll folder and run below command. Change the CRT & PrivateKey path according to your machine. This command will ask for a password, enter any random password and remember it. We need that password while importing the certificate into IIS.
> openssl pkcs12 -export -out “certificate_combined.pfx” –inkey “C:\Users\admin\Downloads\sslforfree\private.key” -in “C:\Users\admin\Downloads\sslforfree\certificate.crt” -certfile “C:\Users\admin\Downloads\sslforfree\ca_bundle.crt”
This will create a PFX Certificate by name “certificate_combined.pfx” in bin folder as shown below
Step #5: Installing certificate_combined.pfx certificate
Double click on certificate_combined.pfx file and follow the below steps
Step #6: Configuring IIS website with SSL certificate
Below image explains how to configure the website with SSL certificate
Step #7: Enable firewall port 443
Enable 443 port from the firewall as shown below
In case if you are using cloud VMS like AWS, Azure or Google, you have to enable https or 443 port in the respective cloud dashboards.
Step #8: Testing the SSL certificate
As we have verified that the domain/subdomain belongs to us, we can delete the previously created .well-known folder inside IIS website source folder. Place an index.html file in the IIS website source folder and navigate to the URL with https as shown below.
Happy Coding 🙂
Please leave a comment below, and let me know what you think!
About the Author
Kishore Ithadi
https://in.linkedin.com/in/kishoreithadi