Configuring SSL on IIS

This topic describes the procedure for configuring SSL on IIS.

Secured Socket Layer (SSL) is a protocol that enables secure communication in a network. It prevents eaves dropping on a network and ensures that sensitive information is not tapped. Perform the following steps to configure SSL on IIS:

Create a Server certificate.

1. Certificates generated usually contain the machine name, it is recommended to use IP Address in the Subject Alternate Name attribute for working with Event Handling. For more information on creating a sample certificate, refer to Creating a Certificate in Windows.
2. To add the certificate to the personal folder of mmc, do the following:
   1. Click Start > Run and type mmc then press ENTER. The Console window appears.
   2. Click File > Add/Remove Snap-in... The Add/Remove Snap-in dialog box appears.
   3. Click Add... The Add Standalone Snap-in dialog box appears.
   4. Select Certificates from the list and click Add button. The Certificates snap-in wizard appears.
   5. Select Computer account option and Next button.
   6. Continue with the default options and click Finish button.
   7. Click Close button to return to the Add/Remove Snap-in dialog box.
   8. Click OK button to return to the console.
   9. In the tree structure in the Console window, under Certificates navigate to Trusted Root Certification Authorities.
   10. Right-click Personal Folder and click All Tasks > Import... The Certificate Import Wizard appears.
   11. Select the p12 file generated in the previous step.
   12. Click Next and then Finish. The certificate is added to the personal folder of mmc.

Install the server certificate:

1. Click Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.

   Tip: Alternatively, click Start > Run and type 'inetmgr' then press ENTER.

   The Internet Information Services window appears.

2. Navigate to the Process Platform Instance name virtual directory in the tree structure.
3. Right-click Process Platform Instance name and click Properties. The Process Platform Instance name Properties dialog box appears.
4. Click Directory Security tab.
5. In Secure communications pane, click the Server Certificate button. The IIS Certificate Wizard appears
6. Select the Assign an existing certificate option and click Next.
7. Select the certificate that was created and then click Finish.

   
   Note: If the certificate of IIS is obtained from a CA that is not part of the user trust store then configure the trust store in the server. Else, you will get a security alert later while accessing the virtual directory.

   The server certificate is now installed on the computer.

Enable SSL on IIS

1. On Internet Information Services window, navigate to the virtual directory for which you want to enable SSL.
2. Right-click <virtual directory> and click Properties.
3. Click Directory Security tab.
4. In the Secure communications pane, click Edit... button. The Secure Communications dialog box appears.
5. Select the Require secure channel (SSL) check box. SSL is enabled.

Assign a port number for SSL

1. Right-click <Web site> and then click Properties. The <Web site> Properties dialog box appears.
2. In the Web site identification pane, click Advanced button. The Advanced Multiple Web site Configuration dialog box appears.
3. In the Multiple SSL identities for this Web site pane, the Web site IP address is assigned to the default port number (443). To configure more SSL ports for the <web site>, click Add button in the Multiple SSL identities of this Web site pane, and click OK. The port number for SSL is assigned.
   IIS is now ready for use in SSL mode.