If you want to secure your website or any other web interface on a server running under Windows Server, you need to ask and add a SSL certificate to your IIS web server.
To create a certificate request, open the Internet Information Services (IIS) Manager, select your web server on the left and click on "Server Certificates" in the center.
In the right column, click the "Create a certificate request" link.
Note : for a test web server, you may click on the "Create a self-signed certificate" link. That said, a self-signed certificate will not work with Citrix technologies, RemoteApp, ...
For the certificate request, specify :
IMPORTANT : If you wish to obtain a valid certificate from a trusted certification authority, such information must be correct. Otherwise, the certification authority will probably refuse your certificate request.
Note : in our case, we will create the SSL certificate with our certification authority created under Windows Server, so the city / region and the country will not be checked.
Then, select the size of the encryption key.
This choice depends on the certification authority (CA) that will generate your SSL certificate.
The higher is this value, higher is the encryption. However, check with the desired CA to know what key size are supported.
Finally, click the "..." button to save the certificate request to a file.
Then, click "Finish".
As you can see, the certificate request is encrypted and begins/ends with lines "-----... NEW CERTIFICATE REQUEST-----".
To obtain a valid SSL certificate, you have several options :
* When you use a CA that you create on your server, the generated certificates will be considered invalid by computers around the world, because the certificate of your CA is not in trusted certification authorities by default in Windows. To solve this problem, you must add the certificate of your authority in your certificates of trusted authorities of computers on your network.
So, this solution is useful for a test environment or an intranet. This will allow you to secure connections for Citrix technologies, RemoteApp, ... with no problem. Indeed, if your setup is good, Citrix solutions and RemoteApp will consider your certificates as valid.
In our case, we will generate our certificate with our Windows Server Certification Authority.
For this, we access to the address "https://ad-server.informatiweb.lan/certsrv" and connects with the admin account of the "ad-server" server.
After generating the certificate, we see that :
Finally, you must first add the generated SSL certificate in the IIS server certificates.
For this, just click on the link "Complete Certificate Request" in the right column.
Select the certificate generated by the certification authority (which is called here : the certification authority response).
Then, specify a friendly name (what you want to give a name for this certificate).
And select a certificate store for this certificate. This choice doesn't matter.
Then, go to the "View" menu and click on "Refresh" for the certificate is displayed.
Now, your certificate is in the IIS server certificates.
Finally, you must add the https protocol (https binding in IIS).
To do this, select the website to secure over SSL (https protocol), and click on "Bindings" in the right column.
Add the "https" type for the "443" port.
Enter the domain name of this website.
Then, select the SSL certificate that we just added.
As you can see, our website "iw-web-server.informatiweb.lan" is protected by a SSL issued by the "InformatiWeb CA" certification authority for the https protocol.
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2021 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.