Not logged in - Login
< back

SSL Certificate Signing and Configuration

Overview

An SSL certificate enables encrypted web traffic over HTTPS. The certificate contains RSA keys for encrypting web traffic. When browsing over HTTPS the browser will attempt to validate a server's SSL certificate with a third party called a certifying authority or CA. In order for a browser to accept a server's certificate the server's domain name must match the domain name registered with the CA for that certificate. SSL certificates may be "self signed" but they will only be accepted by a web browser which is configured to explicitly trust the server.

SSL certificates are issued for each domain name served. Sites or web applications which share a common domain can also share an SSL certificate.

The procedure for enabling HTTPS is as follows:

  1. Create a Certificate Signing Request (CSR) on the server
  2. Submit the CSR to a Certifying Authority
  3. Receive a .cer certificate file from the CA
  4. Register the certificate on the web server
  5. Configure the server to use HTTPS with the signed certificate.

Creating a Certificate Signing Request in IIS

  1. Launch IIS
  2. Select the server node under connections
    ie the node above "Sites"
  3. Double Click Server Certificates under the IIS section
  4. Click "Create certificate request" in the actions sidebar
  5. Enter values. Common name should be the domain name. Must end in "colostate.edu"
  6. Click Next
  7. Select RSA provider
  8. Select 2048 bit length
  9. Click Next
  10. Enter file path for CSR. This is a text file containing encoded information about the server and the encryption key

Submitting a CSR via CSU-ACNS

Registering a certificate with IIS

Configuring IIS to use HTTPS