Adding a certificate on Win 2016 and IIS for https access to web site

I have a web server that was set up for an application internal monitoring application. After I got it all set up - of course the security team is not happy with it because it uses http instead of https. How do I add a certificate (*.internal.foo.com) to this Windows 2016 server and then make it available in IIS for the monitoring site? I *think* the answer is to use MCC with the certificate add-in. But then I get into the weeds as to should I use My user account, Service account, Computer account. Where should I upload the certificate? Then in IIS can I just right-click the default web site, Edit Bindings, add https and presumably I'm then able to select a certificate since one was added in MCC?

Thank you.
amigan_99, Network Engineer, Asked:
arnold Commented:
Go through the IIS console, the process should be the same as other, security settings, self-signed cert or create a CSR and submit it for signature by any certificate authority.

Once you select the default site, look at site properties. Bindings are after. SSL, security....
arnold Commented:
Most certificate signing vendors include guides to ...
https://www.godaddy.com/help/generate-a-csr-certificate-signing-request-5343
btan, Exec Consultant, Commented:
I presume you are getting a certificate from your internal CA. Should be *.foo.com.

Install your issued SSL certificate. But make sure the root CA exists as a trusted CA, as well as the chained certificate bundle, if any. These can be done through MMC. Thereafter go through the binding steps.
https://support.quovadisglobal.com/kb/a478/how-do-i-install-an-ssl-certificate-into-microsoft-iis-10.aspx

You can see the screen flow in the IIS here
https://www.digicert.com/csr-creation-ssl-installation-windows-server-2016-digicert-utility.htm#configure-server
amigan_99, Network Engineer, Author Commented:
Thanks LVL66 - I think I've made progress loading the root and the intermediate certs in the stores described in the doc. Then I added the star.internal.foo.com cert into the web hosting area and I see it there. Since it's a wild card I don't think I need a CSR. So in IIS Manager I edited bindings on the default site and tried to add the https and the cert. But it's not found. Any thoughts on what I might be missing?
amigan_99, Network Engineer, Author Commented:
The last step to get my wildcard cert into IIS was to click on the Server in IIS Manager and *there* I could find the Server Certificates feature which let me import *.internal.foo.com. When clicking on the default web site, Server Certificates is not located there. Once imported I could right-click on the default site and go to Bindings and add the 443 with the cert. Thanks much!
btan, Exec Consultant, Commented:
Thanks for sharing.
You may have to restart IIS or the server for it to recognize the new certificate.
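
The steps this thread arrives at (chain certificates and the wildcard certificate into the Computer account stores, then an https binding on port 443), scripted in PowerShell as an added example that is not part of any post above. The file paths and the host name monitor.internal.foo.com are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the IIS server.
# The paths and the host name below are assumed values, not from the thread.
Import-Module WebAdministration

$siteName  = 'Default Web Site'
$hostName  = 'monitor.internal.foo.com'            # assumed name covered by the wildcard
$pfxPath   = 'C:\certs\star.internal.foo.com.pfx'  # assumed: certificate plus private key
$rootPath  = 'C:\certs\internal-root-ca.cer'       # assumed
$interPath = 'C:\certs\internal-issuing-ca.cer'    # assumed

# 1. Chain certificates go into the Computer account stores
#    (not "My user account" or "Service account").
Import-Certificate -FilePath $rootPath  -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Import-Certificate -FilePath $interPath -CertStoreLocation Cert:\LocalMachine\CA   | Out-Null

# 2. The server certificate goes into the machine Personal store. Prompt for the
#    PFX password so it never lands in the script or in shell history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

# 3. Checks before binding: IIS can only serve a certificate whose private key
#    is available to this machine, and clients reject one that is expired or
#    does not chain to a trusted root.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key; import the .pfx, not the .cer."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)."
}
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $hostName)) {
    throw "Certificate does not validate for $hostName; check the root and intermediate stores."
}

# 4. Add the https binding if the site lacks one, then attach the certificate.
#    AddSslCertificate fails if another certificate is already bound to this
#    IP:port; remove the old entry under IIS:\SslBindings first in that case.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
}
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# 5. List the certificate bindings now registered for the server.
Get-ChildItem IIS:\SslBindings
```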