SSL Certificate Signing and Configuration
Overview
An SSL certificate enables encrypted web traffic over HTTPS. The certificate contains RSA keys for encrypting web traffic. When browsing over HTTPS the browser will attempt to validate a server's SSL certificate with a third party called a certifying authority or CA. In order for a browser to accept a server's certificate the server's domain name must match the domain name registered with the CA for that certificate. SSL certificates may be "self signed" but they will only be accepted by a web browser which is configured to explicitly trust the server.SSL certificates are issued for each domain name served. Sites or web applications which share a common domain can also share an SSL certificate.
The procedure for enabling HTTPS is as follows:
- Create a Certificate Signing Request (CSR) on the server
- Submit the CSR to a Certifying Authority
- Receive a .cer certificate file from the CA
- Register the certificate on the web server
- Configure the server to use HTTPS with the signed certificate.
Creating a Certificate Signing Request in IIS
- Launch IIS
- Select the server node under connections
ie the node above "Sites" - Double Click Server Certificates under the IIS section
- Click "Create certificate request" in the actions sidebar
- Enter values. Common name should be the domain name. Must end in "colostate.edu"
- Click Next
- Select RSA provider
- Select 2048 bit length
- Click Next
- Enter file path for CSR. This is a text file containing encoded information about the server and the encryption key