IIS : SSL/TLS Settings2022/01/26 |
Enable SSL/TLS Settings for Web Sites.
|
|
[1] |
First, Buy or Get or Create SSL Certificate.
|
[2] |
Run PowerShell with Admin Privilege and Configure.
If you use SSL certificate that you got or create it on another Host, import it first.If you created self signed certificate on the same Host with IIS like the link of [1], this work does not need, skip here. |
Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. # store export password you set on certificate to a variable PS C:\Users\Administrator> $Password = ConvertTo-SecureString -AsPlainText -Force "P@ssw0rd" # import to [Cert:\LocalMachine\My] # ⇒ on GUI look, stored under [Certificates - Local Computer] - [Personal] PS C:\Users\Administrator> Import-PfxCertificate -FilePath C:\Users\Administrator\rx-7.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $Password PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My Thumbprint Subject ---------- ------- 3B751FE86B523386DFC10D3225AC8D2BFD35C575 CN=rx-7.srv.world |
[3] | Configure SSL/TLS settings on a Web Site. This example is based on the environment that certificate is stored under the [Cert:\LocalMachine\My]. |
# confirm certificate PS C:\Users\Administrator> Get-ChildItem Cert:\LocalMachine\My PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My Thumbprint Subject ---------- ------- 3B751FE86B523386DFC10D3225AC8D2BFD35C575 CN=rx-7.srv.world # store target certificate to a variable $Cert PS C:\Users\Administrator> $Cert = Get-ChildItem Cert:\LocalMachine\My\3B751FE86B523386DFC10D3225AC8D2BFD35C575 PS C:\Users\Administrator> Get-Website Name ID State Physical Path Bindings ---- -- ----- ------------- -------- Default Web Site 1 Started %SystemDrive%\inetpub\wwwroot http *:80: RX-7.srv.world 2 Started C:\inetpub\newsite http *:80:rx-7.srv.world # set SSL Binding to [RX-7.srv.world] site PS C:\Users\Administrator> New-WebBinding -Name "RX-7.srv.world" -IPAddress "*" -HostHeader "rx-7.srv.world" -Port 443 -Protocol https # set $Cert to SSL Binding PS C:\Users\Administrator> New-Item IIS:\SslBindings\0.0.0.0!443!rx-7.srv.world -Value $Cert PS C:\Users\Administrator> Get-Website Name ID State Physical Path Bindings ---- -- ----- ------------- -------- Default Web Site 1 Started %SystemDrive%\inetpub\wwwroot http *:80: RX-7.srv.world 2 Started C:\inetpub\newsite http *:80:rx-7.srv.world https *:443:rx-7.srv.world sslFlags=0 # verify accesses # if self signed certificate, add [-k] (--insecure) option PS C:\Users\Administrator> curl.exe https://rx-7.srv.world/ IIS Virtual Host Test Page |
IIS : SSL/TLS Settings (GUI)
|
On GUI configuration, set like follows.
|
|
[4] | First, import SSL certificate in certificates store. On this example, import it under [Certificates - Local Computer] - [Personal] like follows. |
[5] | Configure SSL/TLS Setting for a Web Site. Run [Start] - [Server Manager] and Click [Tools] - [Internet Information Services (IIS) Manager] and then Right Click the Site you'd like to set SSL binding on the left pane and Select [Edit Bindings]. |
[6] | Click [Add] button. |
[7] | Select [https] on [Type] filed and input Web Site's Hostname on [Host name] field. For [SSL certificate] field, Select your certificate that you imported on [4] section. |
[8] | SSL binding is configured. |
[9] | Access to the Web Site with HTTPS to verify working. |
Sponsored Link |