Windows 2019
Sponsored Link

IIS : SSL/TLS Settings
2019/08/30
 
Enable SSL/TLS Settings for Web Sites.
[1]
First, Buy or Get ot Create SSL Certificate.
[2]
Run PowerShell with Admin Privilege and Configure.
If you use SSL certificate that you got or create it on another Host, import it first.
If you created self signed certificate on the same Host with IIS like the link of [1], this work does not need, skip here.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# store export password you set on certificate to a variable
PS C:\Users\Administrator> $Password = ConvertTo-SecureString -AsPlainText -Force "P@ssw0rd" 

# import to [Cert:\LocalMachine\My]
# ⇒ on GUI look, stored under [Certificates - Local Computer] - [Personal]
PS C:\Users\Administrator> Import-PfxCertificate -FilePath C:\Users\Administrator\rx-7.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $Password 

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
228940060FF922175C2F435A135FD1CB26FC3A84  CN=rx-7.srv.world
[3] Configure SSL/TLS settings on a Web Site.
This example is based on the environment that certificate is stored under the [Cert:\LocalMachine\My].
# confirm certificate
PS C:\Users\Administrator> Get-ChildItem Cert:\LocalMachine\My 

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
228940060FF922175C2F435A135FD1CB26FC3A84  CN=rx-7.srv.world

# store target certificate to a variable $Cert
PS C:\Users\Administrator> $Cert = Get-ChildItem Cert:\LocalMachine\My\228940060FF922175C2F435A135FD1CB26FC3A84 

PS C:\Users\Administrator> Get-Website 

Name             ID   State      Physical Path                  Bindings
----             --   -----      -------------                  --------
Default Web Site 1    Started    %SystemDrive%\inetpub\wwwroot  http *:80:
RX-7.srv.world   2    Started    C:\inetpub\wwwroot\newsite     http *:80:rx-7.srv.world

# set SSL Binding to [RX-7.srv.world] site
PS C:\Users\Administrator> New-WebBinding -Name "RX-7.srv.world" -IPAddress "*" -HostHeader "rx-7.srv.world" -Port 443 -Protocol https 

# set $Cert to SSL Binding
PS C:\Users\Administrator> New-Item IIS:\SslBindings\0.0.0.0!443!rx-7.srv.world -Value $Cert 

PS C:\Users\Administrator> Get-Website 

Name             ID   State      Physical Path                  Bindings
----             --   -----      -------------                  --------
Default Web Site 1    Started    %SystemDrive%\inetpub\wwwroot  http *:80:
RX-7.srv.world   2    Started    C:\inetpub\wwwroot\newsite     http *:80:rx-7.srv.world
                                                                https *:443:rx-7.srv.world sslFlags=0

# verify accesses
# if self signed certificate, add [-k] (--insecure) option
PS C:\Users\Administrator> curl.exe https://rx-7.srv.world/ 
RX-7.srv.world Top Page
IIS : SSL/TLS Settings (GUI)
 
On GUI configuration, set like follows.
[4] First, import SSL certificate in certificates store.
On this example, import it under [Certificates - Local Computer] - [Personal] like follows.
[5] Configure SSL/TLS Setting for a Web Site.
Run [Start] - [Server Manager] and Click [Tools] - [Internet Information Services (IIS) Manager] and then Right Click the Site you'd like to set SSL binding on the left pane and Select [Edit Bindings].
[6] Click [Add] button.
[7] Select [https] on [Type] filed and input Web Site's Hostname on [Host name] field. For [SSL certificate] field, Select your certificate that you imported on [4] section.
[8] SSL binding is configured.
[9] Access to the Web Site with HTTPS to verify working.
Matched Content