Setting up SSL on IIS

Posted on 2015-02-05
Last Modified: 2015-02-12
One of my clients has been working with an ecommerce integration group to get their website up and running, which is already working as of now, but now they wanted to use SSL for the website so they want me to handle the install of the certificate on the webserver. I'm trying to get an overall understanding of all the components that go into doing this.
I am already in the process of downloading the intermediate certificate from GoDaddy and it looks pretty straightforward per their instructions. They also wanted me to open up port 443 on the firewall, which I did already, but when I tested the port using it reported that the connection was refused. Does there have to be another step for 443 traffic to be accepted on the webserver? Port 80 I was able to successfully test as not being blocked. What I was really confused about was that they said I had to create another name for the website to handle the SSL. In other words, if the current website is accessible as they wanted me to use when I applied for the certificate. Then they said I would have to add a DNS record for that pointing to the same public IP as  They said they could add the record to their local overrides but preferred not to unless I really had problems with the DNS. Thanks.
Question by:dankyle67

Accepted Solution

OriNetworks earned 500 total points
ID: 40591961
Wow I think I'm just as lost as you... I will try to explain using IIS7 but if you have 6 it should be easy to follow or search for the same directions.

Traditionally enabling SSL is pretty simple.
1. Get a cert for the name or names users will be using to access your site (e.g. If you want to enable multiple names such as,,etc a UCC or wildcard cert is required to list all possible names users will access your site with
2. In IIS, install the server certificate by opening the IIS manager, click on the server, then click Certificates. Import your certificate, or create a new certificate request to submit to your SSL provider. You probably want Import.
3. Add bindings to your website. Bindings tell your site which ports and names to listen on. Expand sites, right-click and select Edit Bindings.
4. Click Add, select https as the type, the IP address it will listen on (or leave All Unassigned), port 443, and select the certificate you just installed. This will use whatever names you registered when creating the SSL cert.

Browse to https://internal_server_ip to make sure you can get to the site using SSL. This will show a certificate warning because you are using an internal IP rather than the name you created the certificate for, but that's OK for now. If this does not work, you have a server configuration problem; maybe Windows Firewall is enabled or a different firewall software directly on the host is blocking the connection.

5. Set up your firewall to allow inbound 443 to be directed to your internal server IP address.

If you still have issues, you can try going to https://[external ip address]. By using the external IP address you will get a warning about an invalid cert, but it will verify your server is now exposed to the internet to handle requests.

If it works using the IP address but not the domain, you have a DNS issue. If https://external_ip does not work, your firewall is not configured correctly.
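The layer-by-layer check described in the answer above, as an added example that is not part of the original post: it probes port 443 on the internal IP, the external IP and the certificate's host name, then reports the first layer that fails. The addresses and host name are constructed placeholders, and `probe` and `diagnose` are hypothetical helper names.

```python
import socket
import ssl

def probe(host, port=443, timeout=5.0):
    """Return 'ok', 'dns', 'refused', 'unreachable' or 'tls-error' for one target."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns"            # the name did not resolve
    except ConnectionRefusedError:
        return "refused"        # host answered, but nothing listens on the port
    except OSError:
        return "unreachable"    # timed out or dropped, typically a firewall
    # Verification is off on purpose: this checks reachability only, and a
    # certificate name mismatch is expected when connecting by IP address.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except (ssl.SSLError, OSError):
        return "tls-error"      # port is open but did not complete a TLS handshake
    finally:
        sock.close()

def diagnose(internal, external, by_name):
    """Map the three probe results to the first failing layer, inside out."""
    if internal != "ok":
        return ("server", "no https binding on 443, or a host firewall blocks it")
    if external != "ok":
        return ("firewall", "inbound 443 is not forwarded to the internal server")
    if by_name != "ok":
        return ("dns", "the certificate's host name does not reach this server")
    return ("ok", "HTTPS is reachable by internal IP, external IP and name")

if __name__ == "__main__":
    # Constructed placeholder targets; substitute your own values.
    targets = {"internal": "192.0.2.10",
               "external": "203.0.113.10",
               "by_name": "shop.example.com"}
    results = {label: probe(host) for label, host in targets.items()}
    for label, host in targets.items():
        print(f"{label:9} {host:20} {results[label]}")
    print("diagnosis:", *diagnose(**results))
```

A `refused` result on the internal IP usually means the https binding from step 4 has not been added yet, so nothing is listening on 443.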

Author Comment

ID: 40592022
Thanks for the good instructions so far. I actually went thru most of the process with GoDaddy support and it was really confusing at first since the generating, installing and requesting of certificates all look similar at first glance, but as I went thru it I got a better handle on it. I had to delete the original CSR on IIS and generated a new one which I then pasted into the GoDaddy site so it would generate a request again. I had to do all this because I found out since the webserver is running on 2003 server, it would require a hotfix for sha2. However if we selected the 1yr subscription, we could select sha2 as algorithm and would not have to worry about hotfix. We plan on moving all this to a new 2012 server in about 2mos so at least I have some understanding of the process when having to do the certificate drill again. I will test if I can access using https now and get back to you.

Author Comment

ID: 40593486
OK, I tested it by trying to get to the site externally using https://public ip and it came back as you mentioned with the site warning since I'm not using the name of the certificate, so this looks good so far. I'm waiting now for the ecommerce integration group to add the host record of our internal server name to their end on DNS so that the site can be accessed using the which matches the certificate name. This is the part I don't understand. Why did they ask us to make the name different for the internal server when applying for the certificate? In other words, prior to the SSL certificate, a person could access using http and if they wanted to use https of course they would use the same name except now they would use but I'm assuming this is what the ecommerce group is working on now with the different name. They are probably adding host to their DNS so that it has same IP as

Expert Comment

ID: 40594466
As an added note, you may want to check IIS to make sure Require SSL is selected for at minimum the ecommerce site or virtual directory. This will prevent users from accidentally putting sensitive information into an unencrypted form. It should also be required for any portion of the site where the user may enter login credentials.

I don't know the answer to that but it should be a simple question to ask them and you should ask them to understand why they directed you to do so anyway. One example might be if you are trying to serve a mix of encrypted content and unencrypted content under the same site, which is a bad practice anyway, using a different subdomain for the encrypted site will allow you to set up a different site in IIS specifically for that binding e.g. (, that way the server won't try to run everything through SSL. SSL does have a slight performance impact but it's only noticeable with many users.
