Windows 2022
Sponsored Link

IIS : SSL/TLS Settings2022/01/26

 
Enable SSL/TLS Settings for Web Sites.
[1]
First, Buy or Get or Create SSL Certificate.
[2]
Run PowerShell with Admin Privilege and Configure.
If you use SSL certificate that you got or create it on another Host, import it first.
If you created self signed certificate on the same Host with IIS like the link of [1], this work does not need, skip here.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# store export password you set on certificate to a variable
PS C:\Users\Administrator> $Password = ConvertTo-SecureString -AsPlainText -Force "P@ssw0rd" 

# import to [Cert:\LocalMachine\My]
# ⇒ on GUI look, stored under [Certificates - Local Computer] - [Personal]
PS C:\Users\Administrator> Import-PfxCertificate -FilePath C:\Users\Administrator\rx-7.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $Password 

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
3B751FE86B523386DFC10D3225AC8D2BFD35C575  CN=rx-7.srv.world
[3] Configure SSL/TLS settings on a Web Site.
This example is based on the environment that certificate is stored under the [Cert:\LocalMachine\My].
# confirm certificate
PS C:\Users\Administrator> Get-ChildItem Cert:\LocalMachine\My 

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
3B751FE86B523386DFC10D3225AC8D2BFD35C575  CN=rx-7.srv.world

# store target certificate to a variable $Cert
PS C:\Users\Administrator> $Cert = Get-ChildItem Cert:\LocalMachine\My\3B751FE86B523386DFC10D3225AC8D2BFD35C575 

PS C:\Users\Administrator> Get-Website 

Name             ID   State      Physical Path                  Bindings
----             --   -----      -------------                  --------
Default Web Site 1    Started    %SystemDrive%\inetpub\wwwroot  http *:80:
RX-7.srv.world   2    Started    C:\inetpub\newsite             http *:80:rx-7.srv.world

# set SSL Binding to [RX-7.srv.world] site
PS C:\Users\Administrator> New-WebBinding -Name "RX-7.srv.world" -IPAddress "*" -HostHeader "rx-7.srv.world" -Port 443 -Protocol https 

# set $Cert to SSL Binding
PS C:\Users\Administrator> New-Item IIS:\SslBindings\0.0.0.0!443!rx-7.srv.world -Value $Cert 

PS C:\Users\Administrator> Get-Website 

Name             ID   State      Physical Path                  Bindings
----             --   -----      -------------                  --------
Default Web Site 1    Started    %SystemDrive%\inetpub\wwwroot  http *:80:
RX-7.srv.world   2    Started    C:\inetpub\newsite             http *:80:rx-7.srv.world
                                                                https *:443:rx-7.srv.world sslFlags=0

# verify accesses
# if self signed certificate, add [-k] (--insecure) option
PS C:\Users\Administrator> curl.exe https://rx-7.srv.world/ 
IIS Virtual Host Test Page
IIS : SSL/TLS Settings (GUI)
 
On GUI configuration, set like follows.
[4] First, import SSL certificate in certificates store.
On this example, import it under [Certificates - Local Computer] - [Personal] like follows.
[5] Configure SSL/TLS Setting for a Web Site.
Run [Start] - [Server Manager] and Click [Tools] - [Internet Information Services (IIS) Manager] and then Right Click the Site you'd like to set SSL binding on the left pane and Select [Edit Bindings].
[6] Click [Add] button.
[7] Select [https] on [Type] filed and input Web Site's Hostname on [Host name] field. For [SSL certificate] field, Select your certificate that you imported on [4] section.
[8] SSL binding is configured.
[9] Access to the Web Site with HTTPS to verify working.
Matched Content