Note this guide assumes Internet Information Services (IIS) version 10 and InCommon<\/a> as the certificate provider. Some steps may vary depending on version and vendor. If you are unsure, contact your vendor or leave a question in the comments below.<\/p>\n\n\n\n Acquiring a certificate from your vendor requires sending a CSR. Some vendors offer a tempting automated setup option. Don’t fall for that trap. Automated CSR setups have dubious reliability, and IIS is notoriously finicky about certificates. You will find it simpler and less frustrating to perform the steps yourself. <\/p>\n\n\n\n Open IIS Manager and select the target server. <\/p>\n\n\n Locate and open the Server Certificates plugin. It is included as part of the default IIS Installation.<\/p>\n\n\n Select Create Certificate Request and fill out the name properties. The information you provide here largely depends on your relationship with certificate vendor. If there is a mismatch, the vendor may deny your certificate or IIS will throw errors during later steps that are very difficult to diagnose. <\/p>\n\n\n\n When you are finished filling out the form, click Next.<\/p>\n\n\n At the Cryptographic Service Provider Properties dialog, select the following options, then click Next:<\/p>\n\n\n\n Enter the file name and location, then click Finish. This creates a Certificate Signing Request (CSR) file. You’re going to need the CSR file in subsequent steps, so make sure it’s easy to find, but don’t put it in a publicly accessible folder.<\/p>\n\n\n Now that you have a completed CSR, you can send it to the vendor for signing. It goes without saying there are minor differences depending on the vendor, but the basic premise is universal. All reputable certificate vendors offer robust support, so don’t be afraid to contact them and ask questions.<\/p>\n\n\n\n Log into your certificate vendor and create a request. For InCommon, you click Add at the certificates tab.<\/p>\n\n\n The vendor will attempt to auto-fill fields for basic information. Select SHA-2 for your certificate profile. The other fields should align with the information you filled out during CSR creation. Again, avoid mismatches.<\/p>\n\n\n When you complete the request, you will need to wait for your vendor to verify and issue a certificate. The time needed varies by vendor, but is usually about five minutes. Most vendors will alert you via email when the certificate is issued.<\/p>\n\n\n\n To download a certificate, log in and open the Certificates tab. Then check the appropriate certificate and click Details.<\/p>\n\n\n The details display provides information about your certificate and an option n to download. Click Select. If asked the type, select Certificate only, PEM encoded and download. The file extension should end with “.cer”.<\/p>\n\n\n Return to IIS, open the Server Certificates plug if it is not already, and select Complete Certificate Request.<\/p>\n\n\n When the Complete Certificate Request dialog opens, fill out the fields with following values:<\/p>\n\n\n\n Now hold your breath and click OK. If IIS is in a good mood, the certificate is installed. Breathe a sigh of relief. There’s more to do, but if anything was wrong, this is where the errors get thrown. If you do receive an error, I would again recommend you view this support article<\/a> for the some of the most common problems. If you are still stuck, leave a comment with your issue and maybe I can help. \ud83d\ude42 <\/p>\n\n\n\n Installing a certificate on its own doesn’t do anything to secure your site. You still need to bind through SSL (Secure Socket Layer). Open IIS Manager, and select the target site.<\/p>\n\n\n Locate the Actions sidebar, and open Bindings. Also note the available options under Browse heading.<\/p>\n\n\nCreating Certificate Signing Request (CSR)<\/h2>\n\n\n\n
![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-3.png\")
<\/a><\/figure>\n<\/div>\n\n\n![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-4.png\")
<\/a><\/figure>\n<\/div>\n\n\n![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-6.png\")
<\/a><\/figure>\n<\/div>\n\n\n![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-7.png\")
<\/a><\/figure>\n<\/div>\n\n\n![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-8.png\")
<\/a><\/figure>\n<\/div>\n\n\nRequest Signing From Vendor <\/h2>\n\n\n\n
![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-13.png\")
<\/a><\/figure>\n<\/div>\n\n\n
The vendor will ask for your CSR file. You may upload the file or copy the contents directly. They should look something like this:<\/p>\n\n\n\n![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/12\/image.png\")
<\/a><\/figure>\n\n\n\n![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-2.png\")
<\/a><\/figure>\n<\/div>\n\n\n![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-14.png\")
<\/a><\/figure>\n<\/div>\n\n\n![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-15.png\")
<\/a><\/figure>\n<\/div>\n\n\nInstall Certificate<\/h2>\n\n\n\n
![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-11.png\")
<\/a><\/figure>\n<\/div>\n\n\n![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-12.png\")
<\/a><\/figure>\n<\/div>\n\n\nBinding<\/h2>\n\n\n\n
![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-16.png\")
<\/a><\/figure>\n<\/div>\n\n\n
![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-21.png\")
<\/a><\/figure>\n<\/div>\n\n\n![\"\"](\"https:\/\/www.caskeys.com\/dc\/wp-content\/uploads\/2021\/01\/image-20.png\")
<\/a><\/figure>\n<\/div>\n\n\n