2

Our team has a Windows 2008 server which is used primary for a common IIS dev box.

I want to enable SSL on one of the websites on IIS, so that it can only be accessed via HTTPS.

I created a self-signing certificate in IIS and installed it. However when I access the website via the browser (Chrome, Firefox or IE - doesn't matter), it always gives the scary..."this is not secure" screen. I've tried installing the certificate on my own computer, rebooting and I still get that screen.

One thing that I noticed is when I create a self-signed certificate, it adds the domain name to it...for instance, the name of the box is webIIS and our login domain is COMPANYDOMAIN. So it will say that the certificate was created by webIIS.COMPANYDOMAIN.com. This url resolves to nothing, since there is no such thing.

Am I going about it the wrong way?

Improve this question
3
  • Possible duplicate of How can I create a test signing certificate? Commented Oct 19, 2015 at 23:54
  • @LexLi It is not even close to being duplicate. The link you provided is about creating a certificate with a) code and b) for a local box. I need one for a server, that is not local. Commented Oct 20, 2015 at 6:30
  • whatever works for a local box also works for a server, as anyway it is a self signed X509 certificate. The only difference you might care is the common name. Commented Oct 20, 2015 at 11:44

1 Answer 1

Reset to default
1

I've answered a similar question here.

Few afterwords:

  • Your server should have a dns name. If it is in a domain (Active directory or something) it surely does. Find it, use it in CN of the SSL certificate.
  • CA that will issue SSL certificate should be trusted by clients accessing the server and by the server itself. Place CA certificate in Trusted Root Store (in LocalMachine store) on the server and all clients that will access it. If you have Active Directory it should be pretty simple to distribute it.
  • CRL that CA has to issue in defined intervals (it's up to you if the CRL will be issued one a day, month, year or lifetime) has to be accessible by clients and server. Either place it at http url that you gave when issuing SSL certificate or manually place in each certificate store (in Trusted Root Store).
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.