asked on
How to install a SSL certificate on a non-public facing, non-domain joined Windows server?
We are trying to get a SSL certificate installed on a Windows 2012 server that is internal to our network (not public facing) and NOT joined to the domain (application provider requirement). Go Daddy is only able to provide information on how to get a certificate installed on a domain joined server. I cannot imagine that we are breaking new ground with this, but can't seem to figure out how this might be accomplished. Does anyone have any ideas?
InstallationWindows OSWindows Server 2012* certificate services* SSL Certificates
Last Comment
Paul MacDonald
Do don't mention what type of certificate this is, or what it's to be used for, which may qualify the advice you're given.
That said, if this is just a server certificate then all you should need to do is right-click the .pfx file from GoDaddy and select "Install PFX".
That said, if this is just a server certificate then all you should need to do is right-click the .pfx file from GoDaddy and select "Install PFX".
ASKER
This is an SSL cert used for our internal users connecting to IIS. As i understand it (and admittedly i don't understand certs all that well) I need to generate a CSR for Go Daddy in order to validate that we are who we say we are and that is where we get hung up. Go Daddy sent these directions, but we get hung up on #4 because those servers aren't connected to a domain:
This process also creates a private key, which you will need to use later to create a PFX file to sign your code or driver.
Instead on #4 we get to this screen and are unsure how to proceed:
Go Daddy says that it is outside of their scope to help in any capacity other than the documentation they sent.
Generate CSR & private key
- In MMC, expand Certificates (Local Computer) and then Personal.
- Right-click Certificates, and then go to the following menus: All Tasks > Advanced Operations > Create Custom Request.
- Click Next.
- Click Active Directory Enrollment Policy. ****WE DONT HAVE THIS OPTION***
- From Template, click Web Server.
- Ensure the Request format is PKCS #10, and then click Next.
- Click the downward-facing arrow next to Details, and then click Properties.
- From the Type menu, select the following values, enter the corresponding Value, and then click Add:
Type Value Common name Your business or organization's name Organization Your business or organization's name Locality Your business or organization's address State The state where your business or organization resides Country The country where your business or organization resides - Click the General tab, and then enter a Friendly name you can use to refer to the certificate.
- Go to the Private Key tab, click Key type, and then select Make private key exportable.
- Click OK, and then click Next.
- Browse for the location where you want to save the file, enter a File Name, and then click Finish.
This process also creates a private key, which you will need to use later to create a PFX file to sign your code or driver.
Instead on #4 we get to this screen and are unsure how to proceed:
Go Daddy says that it is outside of their scope to help in any capacity other than the documentation they sent.
https://www.experts-exchange.com/questions/29213813/How-to-fix-SSL-certificate-vulnerabilities.html provides one, rock solid approach, about how to accomplish this... easily...
Summary: Create a wildcard cert on a public facing site, then copy the wildcard cert files anywhere they're required, for use.
Summary: Create a wildcard cert on a public facing site, then copy the wildcard cert files anywhere they're required, for use.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
If you are trying to install in IIS it is explained in the following article.
https://www.digicert.com/kb/csr-creation-ssl-installation-iis-10.htm