
SSL Certificate Signing and Configuration

Overview

An SSL certificate enables encrypted web traffic over HTTPS. The certificate contains RSA keys for encrypting web traffic. When browsing over HTTPS, the browser will attempt to validate a server's SSL certificate with a third party called a certifying authority or CA. In order for a browser to accept a server's certificate, the server's domain name must match the domain name registered with the CA for that certificate. SSL certificates may be "self-signed", but they will only be accepted by a web browser that is configured to explicitly trust the server.

SSL certificates are issued for each domain name served. Sites or web applications which share a common domain can also share an SSL certificate.

The procedure for enabling HTTPS is as follows:

  1. Create a Certificate Signing Request (CSR) on the server
  2. Submit the CSR to a Certifying Authority
  3. Receive a .cer certificate file from the CA
  4. Register the certificate on the web server
  5. Configure the server to use HTTPS with the signed certificate.

Creating a Certificate Signing Request in IIS

  1. Launch IIS
  2. Select the server node under connections
    i.e. the node above "Sites"
  3. Double Click Server Certificates under the IIS section
  4. Click "Create certificate request" in the actions sidebar
  5. Enter values. Common name should be the domain name. Must end in "colostate.edu"
  6. Click Next
  7. Select RSA provider
  8. Select 2048 bit length
  9. Click Next
  10. Enter file path for CSR. This is a text file containing encoded information about the server and the encryption key
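
The same request can be generated from the command line with the built-in certreq.exe tool. This is an added example, not part of the original page; the host name, subject fields and output directory are placeholder assumptions.

```powershell
# Added example: scripted equivalent of the IIS "Create certificate request" wizard.
# Run from an elevated prompt on the web server. All values below are placeholders.
param(
    [string]$CommonName = 'myserver.colostate.edu',   # placeholder host name
    [string]$OutDir     = 'C:\certs'                  # placeholder output directory
)

# The common name must be a domain name ending in colostate.edu (wizard step 5).
# -notmatch is case-insensitive in PowerShell.
if ($CommonName -notmatch '^([a-z0-9-]+\.)+colostate\.edu$') {
    throw "Common name '$CommonName' must be a host name ending in colostate.edu"
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$inf = Join-Path $OutDir 'request.inf'
$csr = Join-Path $OutDir 'request.csr'

# certreq reads its settings from an INF file. The provider and key length mirror
# wizard steps 7 and 8 (RSA provider, 2048 bits). Exportable = FALSE is a choice
# made for this example so the private key cannot be exported from the server.
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$CommonName, O=Example Org, L=Example City, S=Example State, C=US"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
"@ | Set-Content -Path $inf -Encoding ASCII

# Generates the key pair in the machine store and writes the Base64 CSR text file.
certreq.exe -new $inf $csr
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Print the decoded request so the subject and key length can be checked
# before the text is submitted to the CA.
certutil.exe -dump $csr
```

Only the CSR file leaves the server; the private key generated with it stays in the machine key store.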

Submitting a CSR via CSU-ACNS

  1. Open the CSR file and copy the text content
  2. Visit CSU-ACNS InCommon Certificate Request page
  3. Sign in with CSU eid cert
  4. Enter Parameters
    1. Contact Email - The email address where the certificate will be sent
    2. Cert Type: Basic SSL (SHA-2)
    3. CSR: Text copied from CSR file generated using IIS
    4. FQDN: Server domain name ending in colostate.edu (e.g. views.cira.colostate.edu)
    5. Term: 3 years
    6. Server Software: Microsoft IIS 5.x +
  5. Click Check CSR and resolve any errors
  6. Click Send Request
  7. Await email with URL to download certificate
    Many forms of the certificate are given. Download the one labeled as X509 Certificate only, Base64 encoded

Registering a certificate with IIS

Configuring IIS to use HTTPS