How to Create HTTP WebSite using SSL Certificate
WindowsServer2012R2

How to Create Secured https website using SSL Certificate

RakeshKapoor

How to create secured HTTPS website using SSL Certificate

Securing data is very important for any Organization. In this article, we’ll learn the steps to create secured https website using SSL Certificate. Hyper Text Transfer Protocol Secure (HTTPS) website is used to host a secure website which is encrypted. Encryption converts the data into encrypted format, it secures the data while it’s transferring over the WAN. The default port of HTTPS site is 443. Any website that wants to secure the communication use HTTPS for secure transactions. SSL Certificate can be used to secure both internal and external communication. External certificates can be purchased from Organizations like GeoTrust.

Steps to Create Secured https website using SSL Certificate in Windows Server 2012 R2.

Let’s take a scenario, we have two servers, DC04 is our Domain Controller and DC01 is our WebServer. We have already installed Internet Information Services on DC01 and installed Certificate Authority on DC04. Process begins with the steps of requesting certificate from the Certificate Authority, in this example, we’ll request Certificate from the internal Certificate Authority.

1. To request the certificate go to Server DC01 (WebServer), open IIS manager, click on Computer name “DC01” then click on Server Certificates icon.

How to create HTTPS site (1)
How to Create HTTP WebSite using SSL Certificate

2. In Server Certificates, On the right side click on Create Certificate Request to raise a new request for a certificate.

How to create HTTPS site (2)

3. To create secured https website using SSL certificate, in ‘Distinguished Name Properties’ Console, here we have to specify the required information for the certificate like Common name, Organization, City, State and Country.

How to create HTTPS site (4)

4. In ‘Cryptographic Service Provider Properties’ select “Microsoft RSA SChannel Cryptographic Provider” and select ‘2048’ bit length. The bit length of the encryption key determines the certificate’s encryption length. The greater the bit length, the greater the security.

How to create HTTPS site (6)

5. In ‘File Name’ give the path where we want to save certificate request. In this practical, we have save this file in “C:\CertificateRequest\Request.txt” Click on finish to complete.

How to create HTTPS site (7)

6. Now, open the certificate request from the location where we have saved it i.e. “C:\CertificateRequest\Request.txt” and copy all the content. Make sure that do not make any changes in this file. If you are requesting for external certificate then send this file to your certificate vendor.

How to create HTTPS site (8)

7. Open Internet Explorer and type ‘http://dc04/certsrv‘ (Certificate Authority), through this address we’ll access the “Active Directory Certificate Services” WebSite, via this website we can request and retrieve certificates. Click on “Download CA certificate, certificate chain, or CRL”. This certificate is used to establish trust between client and Certificate Authority and would create secured https website using SSL Certificate. 

How to create HTTPS site (9)

8. On Download a CA Certificate, Certificate Chain, or CRL console, select Base64 and click on “Download CA certificate” to download this certificate.

How to create HTTPS site (10)

9. Save the Certificate in your desired location. Here, we are saving it in “C:\Certificates” and rename this certificate to ‘Root‘.

How to create HTTPS site (12)

10. Again Open Internet Explorer and type ‘http://dc04/certsrv‘ for requesting a certificate for the website to make it encrypt. Encryption will make the website secure for safe transferring of data.

How to create HTTPS site (13)

11. On Request a Certificate console click on “advanced certificate request” for submitting a request for client certificate.

How to create HTTPS site (14)

12. On Advanced Certificate Request console click on “Submit a certificate request by using a base-64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file”.

How to create HTTPS site (15)

13. On Submit a Certificate Request or Renewal Request console, paste the content of certificate request which we have created and saved it in”C:\CertificateRequest\Request.txt“, select ‘web server‘ from the drop down menu in Certificate Template. Click on submit to submit a request.

How to create HTTPS site (16)

14. On Certificate Issued console select Base,64 encoded and download the certificate by clicking on Download certificate.

How to create HTTPS site (17)

15. Save the Certificate in your desired location. Here, we are saving it in “C:\Certificates” and rename that certificate to ‘DomainCertificate’.

How to create HTTPS site (19)

16. Open the folder where we saved our certificates and double click on Root certificate to install it.

How to create HTTPS site (20)

17. On Certificate console click on ‘Install Certificate‘.

How to create HTTPS site (21)

18. On Welcome to the Certificate Import Wizard,  we can see all the elements perform by root certificate and have to select the store location where this certificate is kept. Click Next to continue.

How to create HTTPS site (22)

19. On Certificate Store console either we can specify a location for the certificates or select ‘Automatically select the certificate store based on the type of certificate’ so that windows can automatically select a certificate store. Click on Next.

How to create HTTPS site (23)

20. On “Completing the Certificate Import Wizard” we can verify all the specify settings. Click on Finish to start the import of certificate.

How to create HTTPS site (24)

21. A confirmation box will appear regarding the successful import of the certificate.

How to create HTTPS site (25)

22. Open IIS console and click on Server Certificates. Now click on ‘Complete Certificate Request‘ to complete and install the domain certificate.

How to create HTTPS site (28)

23. On ‘Specify Certificate Authority Response’ console specify the path of the domain certificate (C:\Certificates\DomainCertificate.cer), give a friendly name and select the certificate store for the new certificates to Personal. Click on OK.

How to create HTTPS site (29)

24. On Server Certificates console, we can verify that our domain certificate with name DC01 is listed in Server Certificates.

How to create HTTPS site (30)

25. Open the bindings of the site by clicking on Edit Bindings.

How to create HTTPS site (31)

26. On Site Bindings console, we can see that this site is currently running on port 80. Click on Add to add a new binding.

How to create HTTPS site (32)

27. To create secured https website using SSL certificate, select https in type, verify the port 443 and select the SSL certificate (DC01) which we have installed. Click on OK to create this new binding.

How to create HTTPS site (33)

28. Verify all the site binding settings and click on Close.

How to create HTTPS site (35)

29. Open Internet Explorer and type FQDN in the address bar (https://dc01.itingredients.com)  and hit enter. We can verify that this site is https site by the lock icon and https written before web address of the site. This clearly show that this website is running on port 443 and is encrypted.

How to create HTTPS site (36)
How to Create HTTP WebSite using SSL Certificate