Windows 2025
Sponsored Link

IIS : SSL/TLS Settings2024/12/18

 

Enable SSL/TLS Settings for Web Sites.

[1]

First, Buy or Get or Create SSL Certificate.

If you use self signed certificate, refer to here.

On this example, Use certificate from Let's Encrypt, refer to here (Linux tutorial) to get Let's Encrypt certificate and convert it to PKCS12 (PFX) for Windows.

[2]

Run PowerShell with Admin Privilege and Configure.

If you use SSL certificate that you got or create it on another Host, import it first.
If you created self signed certificate on the same Host with IIS like the link of [1], this work does not need, skip here.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# store export password you set on certificate to a variable
PS C:\Users\Administrator> $Password = ConvertTo-SecureString -AsPlainText -Force "P@ssw0rd" 

# import to [Cert:\LocalMachine\My]
# ⇒ on GUI look, stored under [Certificates - Local Computer] - [Personal]
PS C:\Users\Administrator> Import-PfxCertificate -FilePath C:\Users\Administrator\rx-7.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $Password 

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
6CFE37227E820C87A9A2EDA5CF2020F553EE0EB1  CN=rx-7.srv.world
[3] Configure SSL/TLS settings on a Web Site.
This example is based on the environment that certificate is stored under the [Cert:\LocalMachine\My].
# confirm certificate
PS C:\Users\Administrator> Get-ChildItem Cert:\LocalMachine\My 

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
6CFE37227E820C87A9A2EDA5CF2020F553EE0EB1  CN=rx-7.srv.world

# store target certificate to a variable $Cert
PS C:\Users\Administrator> $Cert = Get-ChildItem Cert:\LocalMachine\My\6CFE37227E820C87A9A2EDA5CF2020F553EE0EB1 

PS C:\Users\Administrator> Get-Website 

Name             ID   State      Physical Path                  Bindings
----             --   -----      -------------                  --------
Default Web Site 1    Started    %SystemDrive%\inetpub\wwwroot  http *:80:
RX-7.srv.world   2    Started    C:\inetpub\newsite             http *:80:rx-7.srv.world

# set SSL Binding to [RX-7.srv.world] site
PS C:\Users\Administrator> New-WebBinding -Name "RX-7.srv.world" -IPAddress "*" -HostHeader "rx-7.srv.world" -Port 443 -Protocol https 

# set $Cert to SSL Binding
PS C:\Users\Administrator> New-Item IIS:\SslBindings\0.0.0.0!443!rx-7.srv.world -Value $Cert 

PS C:\Users\Administrator> Get-Website 

Name             ID   State      Physical Path                  Bindings
----             --   -----      -------------                  --------
Default Web Site 1    Started    %SystemDrive%\inetpub\wwwroot  http *:80:
RX-7.srv.world   2    Started    C:\inetpub\newsite             http *:80:rx-7.srv.world
                                                                https *:443:rx-7.srv.world sslFlags=0

# verify accesses
# if self signed certificate, add [-k] (--insecure) option
PS C:\Users\Administrator> curl.exe https://rx-7.srv.world/ 
IIS Virtual Host Test Page
IIS : SSL/TLS Settings (GUI)
 

On GUI configuration, set like follows.

[4] First, import SSL certificate in certificates store.
On this example, import it under [Certificates - Local Computer] - [Personal] like follows.
[5] Configure SSL/TLS Setting for a Web Site.
Run [Start] - [Server Manager] and Click [Tools] - [Internet Information Services (IIS) Manager] and then Right Click the Site you'd like to set SSL binding on the left pane and Select [Edit Bindings].
[6] Click the [Add] button.
[7] Select [https] on [Type] filed and input Web Site's Hostname on [Host name] field. For [SSL certificate] field, Select your certificate that you imported on [4] section.
[8] SSL binding is configured.
[9] Access to the Web Site with HTTPS to verify working.
Matched Content