Adding a certificate on Win 2016 and IIS for https access to web site

I have a web server that was set up for an internal monitoring application. After I got it all set up - of course the security team is not happy with it because it uses http instead of https. How do I add a certificate (*.internal.foo.com) to this Windows 2016 server and then make it available in IIS for the monitoring site? I *think* the answer is to use MMC with the certificate add-in. But then I get into the weeds as to whether I should use My user account, Service account, or Computer account. Where should I upload the certificate? Then in IIS can I just right-click the default web site, Edit Bindings, add https and presumably I'm then able to select a certificate since one was added in MMC?

Thank you.
amigan_99 (Network Engineer) asked:

btan (Exec Consultant) commented:
I presume you are getting a certificate from your internal CA. Should be *.foo.com.

Install your issued SSL certificate. But make sure the root CA exists as a trusted CA, as well as the chained certificate bundle, if any. These can be done through MMC. Thereafter go through the binding steps.
https://support.quovadisglobal.com/kb/a478/how-do-i-install-an-ssl-certificate-into-microsoft-iis-10.aspx

You can see the screen flow in the IIS here
https://www.digicert.com/csr-creation-ssl-installation-windows-server-2016-digicert-utility.htm#configure-server
 
arnold commented:
Go through the IIS console, the process should be the same as other, security settings, self-signed cert or create a CSR and submit it for signature by any certificate authority.

Once you select the default site, look at site properties. Bindings are after. SSL, security....
 
arnold commented:
Most certificate signing vendors include guides to ...
https://www.godaddy.com/help/generate-a-csr-certificate-signing-request-5343
amigan_99 (Network Engineer, author) commented:
Thanks LVL66 - I think I've made progress loading the root and the intermediate certs in the stores described in the doc. Then I added the star.internal.foo.com cert into the web hosting area and I see it there. Since it's a wildcard I don't think I need a CSR. So in IIS Manager I edited bindings on the default site and tried to add the https and the cert. But it's not found. Any thoughts on what I might be missing?
 
amigan_99 (Network Engineer, author) commented:
The last step to get my wildcard cert into IIS was to click on the Server in IIS Manager and *there* I could find the Server Certificates feature which let me import *.internal.foo.com. When clicking on the default web site, Server Certificates is not located there. Once imported I could right-click on the default site and go to Bindings and add the 443 with the cert. Thanks much!
 
btan (Exec Consultant) commented:
Thanks for sharing.
You may have to restart IIS or the server for it to recognize the new certificate.
Question has a verified solution.
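
The steps the thread arrives at (import the wildcard certificate at server level, then add the 443 binding on the default site), scripted in PowerShell as an added example that is not from any poster in this thread. The PFX path, the test host name and the choice of the Personal store are assumptions.

```powershell
# Added example, not from the thread. Run in an elevated session on the IIS server.
# Assumed values: the PFX path, the test host name and the target store.
Import-Module WebAdministration

$pfxPath  = 'C:\certs\star.internal.foo.com.pfx'  # assumed path; a PFX carries the private key
$siteName = 'Default Web Site'
$testHost = 'monitor.internal.foo.com'            # hypothetical name covered by the wildcard

# Import into the Computer account's Personal store. IIS binds certificates
# from LocalMachine stores, not from a user or service account store.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$cert = Import-PfxCertificate -FilePath $pfxPath `
            -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

# A certificate without its private key cannot serve an https binding.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key; import the PFX, not a .cer."
}

# Confirm the chain builds to a trusted root and the wildcard matches the host name.
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $testHost)) {
    throw 'Chain or name validation failed; check the root and intermediate stores.'
}

# Add the https binding if it is missing, then attach the certificate to it.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
}
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# List the SSL bindings now registered with http.sys.
Get-ChildItem IIS:\SslBindings
```

If the 443 binding already has a certificate attached, remove the old entry under `IIS:\SslBindings` before calling `AddSslCertificate` again.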
