SSL Certificate Installation on IIS 8 & 10

SSL Certificate Installation on IIS 8 & 10

SSL Installation process

Get your SSL files ready

Once you have your SSL certificate បានធ្វើឱ្យសកម្ម, validated and issued, you will receive the certificate files in a .zip archive by email. Alternatively, you can download it from your 1Byte account as shown នៅ​ទីនេះ.

For SSL installation on Windows, you should use the .p7b file from the downloaded archive. It contains the end-entity certificate for your domain and the combined Certificate Authority intermediate certificates (CA bundle). You can also use the .cer (not .crt or .cert) file for installation. This is similar to .p7b, as it contains both the certificate and CA bundle, but in a binary form.

If you have only .crt/.cert and .ca-bundle certificate files (e.g. files for a custom certificate), you can convert them into a .p7b file by using this ឧបករណ៍លើបណ្តាញ. Use the “PEM to PKCS7” option.

Install the SSL

ជំហានទី 1

ចាប់ផ្តើម អ្នកគ្រប់គ្រងសេវាព័ត៌មានអ៊ីនធឺណិត (IIS) by entering “inetmgr” into the search field located near the ចាប់ផ្តើម button or in the រត់ window, which can be launched by pressing the Win + R hotkey ។

ជំហានទី 2

ចុចទ្វេដងលើប៊ូតុង វិញ្ញាបនប័ត្រម៉ាស៊ីនមេ icon in the IIS Manager’s home page.

ជំហានទី 3

ដាក់កណ្ដុរលើ សកម្មភាព pane on the right side of the window and click បំពេញការស្នើសុំវិញ្ញាបនបត្រ.

ជំហានទី 4

The next screen – Specify Certificate Authority Response – contains 3 fields:

  • File name containing the certification authority’s response – browse the file system to find the .p7b certificate file.
  • ឈ្មោះមិត្តភាព – this field helps the server administrator to easily locate a particular certificate. For example, the ឈ្មោះដែន name of the certificate can be specified in this field.
  • Select a certificate store for the new certificate – keep this set to ផ្ទាល់ខ្លួន, តម្លៃលំនាំដើម។

ជំហានទី 5

When you have completed all the fields, click OK to import the certificate to the server storage.

ចំណាំ: If you receive a “Cannot find the certificate request…” error at this point, please refer to the heading "Cannot find the certificate request…” below this guide.

ជំហានទី 6

If installation is successful, a new entry will appear on the វិញ្ញាបនប័ត្រម៉ាស៊ីនមេ ទំព័រ។

ចំណាំ: If the certificate disappears from the list after importing, please check the heading “SSL disappears from the list” below this guide for a solution.

Bind the SSL to your site

ជំហានទី 1

The installed SSL certificate must now be assigned to a website by binding it to a secure port. To do this, select the គេហទំព័រ folder in the Connections panel on the left side of IIS Manager and click on the corresponding site. Then, in the សកម្មភាព panel on the right side, select Bindings….

ជំហានទី 2

ចុច បន្ថែម… នៅផ្នែកខាងស្តាំនៃ Site Bindings បង្អួច។

The next pop-up window will feature several fields that need to be modified:

  • ប្រភេទ – select “https” from the drop-down menu;
  • អាសយដ្ឋាន IP – choose the specific IP address or “All Unassigned”;
  • កំពង់ផែ – specify the port number for a secure connection. The default port number is 443;
  • ពួកគេផ្តល់វិញ្ញាបនបត្រ SSL – select the corresponding certificate, identified by the previously specified Friendly name.

ចុច OK to bind the certificate with the site. The new entry should appear in the Site Bindings បង្អួច។

ចំណាំ: Usually, there is no need to restart the server, so after the SSL certificate has been installed and the binding created, your site should become accessible via https:// in a browser.

To check if the certificate has been successfully installed, you can use នេះ ឧបករណ៍។

HTTPS redirect

Once you have an SSL certificate installed on your domain, you should enable HTTPS redirect to force all HTTP requests to use HTTPS instead. HTTPS is an extension of the HTTP protocol where the data transmission is encrypted using an SSL certificate.

On Windows, the HTTP to HTTPS redirection can be enabled with the help of the URL Rewrite module.

អ្នកអាចប្រើវាបាន ពិនិត្យ to see if the redirect was successfully enabled.

Possible issues with installation

“Cannot find the certificate request…”

Upon installing an SSL certificate on IIS, you may receive the following error:

The most common reason for this is that you are trying to import an SSL certificate activated with a Certificate Signing Request (CSR) generated outside of the server. If that is the case, you can:

ចំណាំ: make sure to create or edit the binding after the certificate is imported.

If you are sure the CSR was created on the server and you still receive this error, you can try the following:

  • Close the error window and refresh the installation window by pressing F5, and try again. If the certificate appears, finish the SSL installation by creating or editing a binding.
  • If the certificate does not appear, you can try to assign a friendly name to it by using MMC or certutil. The issue may be occurring due to the friendly name being left blank, so make sure to set it during installation. Check out the official អត្ថបទ from Microsoft on this issue.

If neither of the steps above helped, reissue your certificate using a new CSR created on the server and try to install it again.

SSL disappears from the list

Another common issue is the certificate disappearing from the list upon import. The possible methods of resolving this are similar to the the previous issue:

If the CSR was created on the server but the certificate disappears, you can try to force the link between the certificate and the private key.

Incomplete certificate chain

There is another issue that can be spotted on a Windows server. Even if you have an SSL certificate correctly installed, some users still may face security warnings when entering your site. The root cause is a peculiarity of how Windows servers handle the SSL handshake, which causes it to use an incorrect Root certificate from the Certificate Authority (CA) Bundle.

Although this issue is not common, it can happen on old devices. Read our detailed អត្ថបទ on the subject to find out more and how you can resolve it.