Home > Uncategorized > Install free SSL certificate on IIS (startssl, not self-signed)

Install free SSL certificate on IIS (startssl, not self-signed)

Create (or reauthenticate) your account

go to https://www.startssl.com/ and authenticate (or sign-up or use the express lane button).
This process involves entering a authentication code send to your e-mail address.
Follow the procedure, everything is pretty straightforward. Don’t forget to backup your certificate which is installed in your browser. If you reinstall your pc, you will need this certificate to gain access to your account.
Do e-mail validations first

The first catch. If you want to create a certificate for another domain.
First do a “email address validation” in the validations wizard for the domain you will be creating a certificate for. If you want to create a certificate for domainxyz.com, then first do an email validation for postmaster, hostmaster or webmaster@domainxyz.com. For the .com TLD you might have other possibilities also.
If you did not validated this e-mail address, you won’t receive any verification codes on this e-mail address.

Create a certificate

If you follow all instructions on the “certificates wizard”. If you let startssl generate your private key, you should have a at least the following files at hand

ssl.key (the encrypted private key)
ssl.crt (the certificate or public key)
The SSL.crt could be used on a windows server, but that would be only the public key. For HTTPS you also need the private key, because you need to decrypt the encrypted data. So you will need to link the private key and the certificate together as we will describe in the next steps.

Decrypt private key

First go to the toolbox and click the “decrypt private key”.

Paste in the content of the ssl.key file, enter your password which you provided in the previous step.

You now have a DECRYPTED private key. Copy this decrypted key.

Create Certificate for IIS

Now go to “Create PKCS#12” in the toolbox. Paste the decrypted key in the first box (private key). And paste the content of the ssl.crt file in the second box. Provide a new password to protect the file you will be creating.

Click continue.

Now download the PFX and use this file to install the certificate on your IIS 7.0/7.5 or higher.

Install the certificate

Open Inetmgr (Internet Information Services – IIS Manager) and open the “server certificates” on server level.

Click the “IMPORT” button and supply the PFX you just created (and uploaded?). You might not have the right file extension, but that is no problem. Just choose *.* as file type, select the file. Finish off with your password, before hitting return.

Redefine bindings of website

If you have only one HTTPS site running Go to your HTTPS site,

click “Bindings”
“Edit” the https (port 443) line
choose the right SSL certificate
hit “OK”,
and click the “Close” button

Bindings when hosting multiple sites

If you have multiple sites running on your website, you might want to set the binding headers for HTTPS. This can be done using the command prompt (as administrator) using these two commands:

C:\Windows\system32>cd \windows\system32\inetsrv
C:\Windows\System32\inetsrv>appcmd set site /site.name:”” /+bindings.[protocol=’https’,bindingInformation=’:443:’]

change the “”, “”, “” to approprate value’s.

Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: