|
⇤ ← Revision 1 as of 2021-10-27 20:29:49
Size: 2004
Comment:
|
Size: 2390
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 68: | Line 68: |
| Now all that's left is to set the binding... (Will finish later) | Note down the thumbprint value, you will need it in the next step. Now all that's left is to set the binding. If you haven't changed anything on a default install, there will be no https binding. So we just create a new one. {{{#!highlight powershell New-IISSiteBinding -Name "Default Web Site" -BindingInformation "*:443:" -CertificateThumbPrint "[fingerprint of cert]" -CertStoreLocation "Cert:\LocalMachine\Webhosting" -Protocol https }}} |
Installing a new certificate on IIS running on Server Core
Step 1: Create a request.inf file from below
;--- request.inf --- [Version] Signature="$Windows NT$" [NewRequest] ; Replace Country with the 2-letter ISO code for your country ; Replace State with your state or province, without abbreviation ; Replace City with your city ; Replace Organization with your company ; Replace Organization_Unit with your department, or remove OU=Organizational_Unit entirely ; Replace www.example.com with the hostname you're requesting a certificate for ; For a wildcard SSL certificate, this would be *.example.com Subject = "CN=www.example.com, OU=Organizational_Unit, O=Organization, L=City, S=State, C=Country" ; Key Exchange - for encryption KeySpec = 1 ; 2048 bits minimum, 3072 or 4096 are valid too KeyLength = 2048 ; Needed if you need to export the certificate to another server Exportable = TRUE ; Indicates a server certificate, not a user certificate MachineKeySet = TRUE SMIME = False UserProtected = FALSE ; Generate a new private key UseExistingKeySet = FALSE ; RSA key ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ProviderType = 12 ; Standard of CSR's RequestType = PKCS10 ; Digital signatures and encryption KeyUsage = 0xa0 [EnhancedKeyUsageExtension] ; Server authentication OID=1.3.6.1.5.5.7.3.1 ;------------------------------
After editing this create the request:
certreq -new request.inf request.csr
Now that you have created the request, submit it to your certificate authority. If you are running your own on windows, try the following:
certreq -submit -attrib "CertificateTemplate:WebServer" "[path to your request.inf file]"
Save the new certificate as request.cer (or whatever you want to name it)
Import this certificate to your server for future use.
certreq -accept request.cer
Note down the thumbprint value, you will need it in the next step.
Now all that's left is to set the binding. If you haven't changed anything on a default install, there will be no https binding. So we just create a new one.
Toggle line numbers
1 New-IISSiteBinding -Name "Default Web Site" -BindingInformation "*:443:" -CertificateThumbPrint "[fingerprint of cert]" -CertStoreLocation "Cert:\LocalMachine\Webhosting" -Protocol https