Avatar of Darrin Moore
Darrin Moore
 asked on

How to install a SSL certificate on a non-public facing, non-domain joined Windows server?

We are trying to get a SSL certificate installed on a Windows 2012 server that is internal to our network (not public facing) and NOT joined to the domain (application provider requirement). Go Daddy is only able to provide information on how to get a certificate installed on a domain joined server. I cannot imagine that we are breaking new ground with this, but can't seem to figure out how this might be accomplished. Does anyone have any ideas?

InstallationWindows OSWindows Server 2012* certificate services* SSL Certificates

Avatar of undefined
Last Comment
Paul MacDonald

8/22/2022 - Mon

Hi Darrin,
If you are trying to install in IIS it is explained in the following article.
Paul MacDonald

Do don't mention what type of certificate this is, or what it's to be used for, which may qualify the advice you're given.

That said, if this is just a server certificate then all you should need to do is right-click the .pfx file from GoDaddy and select "Install PFX".
Darrin Moore

This is an SSL cert used for our internal users connecting to IIS. As i understand it (and admittedly i don't understand certs all that well) I need to generate a CSR for Go Daddy in order to validate that we are who we say we are and that is where we get hung up. Go Daddy sent these directions, but we get hung up on #4 because those servers aren't connected to a domain:

Generate CSR & private key

  1. In MMC, expand Certificates (Local Computer) and then Personal.
  2. Right-click Certificates, and then go to the following menus: All TasksAdvanced OperationsCreate Custom Request.
  3. Click Next.
  4. Click Active Directory Enrollment Policy. ****WE DONT HAVE THIS OPTION***
  5. From Template, click Web Server.
  6. Ensure the Request format is PKCS #10, and then click Next.
  7. Click the downward-facing arrow next to Details, and then click Properties.
  8. From the Type menu, select the following values, enter the corresponding Value, and then click Add:
    Common nameYour business or organization's name
    OrganizationYour business or organization's name
    LocalityYour business or organization's address
    StateThe state where your business or organization resides
    CountryThe country where your business or organization resides
  9. Click the General tab, and then enter a Friendly name you can use to refer to the certificate.
  10. Go to the Private Key tab, click Key type, and then select Make private key exportable.
  11. Click OK, and then click Next.
  12. Browse for the location where you want to save the file, enter a File Name, and then click Finish.
Your CSR is now stored in the file you saved it to on your local machine.
This process also creates a private key, which you will need to use later to create a PFX file to sign your code or drive

Instead on #4 we get to this screen and are unsure how to proceed:

Go Daddy says that it is outside of their scope to help in any capacity other than the documentation they sent. 
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
David Favor

https://www.experts-exchange.com/questions/29213813/How-to-fix-SSL-certificate-vulnerabilities.html provides one, rock solid approach, about how to accomplish this... easily...

Summary: Create a wildcard cert on a public facing site, then copy the wildcard cert files anywhere they're required, for use.
Paul MacDonald

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.