IIS.10 Microsoft SSL Install

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hi this is emma from ssltrust.com australia and in this video i am gonna be showing you how you can successfully install an ssl certificate on your website through the is 10 web service manager so let's get started so this is the website we're looking to secure and as you can see our connection to this site is not yet secure and we're gonna make sure it is so the first thing is that we're gonna connect to our web server and open the internet information services manager head over to the service home page go to iis under iis you will find an option called server certificates we are going to click on that and we are going to create a certificate sign request you find a button on the top right click on that and we're going to fill in up these details out real quick so basically a csr or a customer sign-in request is nothing but a request initiated by you the client to the certificate authority which contains all necessary information such as the domain name and business details which are stored in a hashed form on the technical side it also contains the public key which will be signed by the certificate authority and return to you in the issued certificate so under common name type in your domain name real quick your organization the organizational units such as i t your city your state and the two data abbreviation for your country or you can select it from the drop down menu here and click on next we are going to be choosing the microsoft rsa cryptographic provider for this video and we're going to set the pitlin to 2048 click on next and let's save it on desktop let's call it server dot csr and we're gonna click on finish so open that document text file and you've successfully generated your certificate requests once we've generated our certificate sign request or csr we can now move on to purchase and configure our ssl certificate so i'm here at ssl trust the the ssl trust homepage and now i am going to purchase and configure ssl certificate so click on the ssl certificate or the type of ssl certificate you like choose your brand there are lots of certificate authorities available and we are gonna go with the cheapest one for this video click on buy scroll down choose your the duration of your certificate and click on buy ssl once you do that you can click on the checkout checkout button here fill in all your billing details and you can choose your preferred method of payment and purchase your certificate once you click on complete order you can come back to the dashboard select your ssl certificate that you've purchased and you can click on the start certificate configuration button here or send this link to the appropriate person to complete the configuration for you so we can we can click on this button here and we will now the first thing we'll do is paste in our certificate sign request so go back to your server copy your certificate sign request from the very start to the very end including all the dashes and we are going to paste it here once you're done with that click on the verify crsr button here and if your details pop up just right then we're good to go otherwise you will need to re generate your certificate sign request select your web server type click on next step fill in your details your email address and if you're the admin and you have a technical contact who can do this for you be sure to use the admiral details and click on next so now comes the important part or domain control validation so basically you need to prove to the certificates already issuing your certificate that you have complete access to your domain name and you are the sole owner of it so there are various methods to validate your domain name the first is the email method so you can choose one of these five email addresses and you will be sent an email from the certificate authority containing a link by which when you click on it your validation method should be complete and your certificate should be issued the second method is the http file method so you will need to create this directory or with this file name in the text file and copy and paste this contents into that and wait for it to propagate on your server and be available for http access and the third and the world easiest method for us is we are going to be using the cnm record method you just need to access your dns settings with either your domain or hosting provider and create a new record and wait for it to propagate via the dns so copy the scene name record value over to your dns settings with your selected provider and add a record set this is going to be a cname record and paste in the name here and the alias is going to be this value so copy it and paste it here click on ok once you're done with that we you can check your dns record by clicking this button here click on search and wait for your dns record to propagate this should take a few minutes tops or up to an hour depending on your dns propagation speed so we're gonna click on submit configuration for now and our configuration was a success this is our order number and our status is that we are awaiting validation so you can click here to access the validation manager and our domain control validation was complete you can come if your dns record is not propagated yet and you want to check if it has you can come back here click on this button here and select your method of domain control validation and click on submit to make sure that the record on the certificate provider sites is updated and you are quickly issued with your certificate otherwise you can head over to the ssl plus dashboard if you're lost that is and choose your certificate and there will be a button here called access validation manager you can click on that and access your validation manager here otherwise we're good to go so now that we're done with this let's close this up head over to the ssr's dashboard and let's let's download our certificate so click on the collect download certificate button here and we are going to download it here with a dot uh the single dot pem file containing all the certificates this will be the format that is most appropriate for is so we're gonna click download our certificate and save it on our desktop let's call it ssl guide certificate and save so now we are going to copy our certificate or you can access the link via your server and download it from there otherwise we can come back here let's close up our csr and go to is and we can click on the complete certificate request button here before that we need to upload our certificate to our server so let's go to the directory your files are hosted in the website files and paste it here on the desktop any appropriate location that is suitable for you and once it is pasted we are gonna move on to installing our certificate so open is again and click on the complete certificate request button on the top right i'm gonna click on that and choose the file name containing the certificate authorities response so i know it is in windows your website's name and if it's not in dot zero extension you can click on this button here select your certificate click on open friendly name let's call it ssl guides and we are using it for web hosting and click on ok so once your certificate is incorporated you can now enable it by going to your website going to ssl settings under is but as you can see that we do need to have an https binding to accept ssl connections before we can change the settings so what we're going to do now is go to exchange go to sites and we are going to add an https binding you'll find the option on the top right called bindings click on that and we are going to add a binding and https binding and the host name is going to be your domain name dot com whatever and select your ssl certificate i named it as a server guides and click on ok once you're done with that we can now access the ssl settings under ios and you can require ssl and ignore client certificates for now let's apply this setting and we could go so let's access our website now https colon double slash yourdomainname.com and as you can see our connection to the site is now secure we have successfully installed a ssl certificate on iis web server on our website so one more thing that i would like to show you is that you can disable older versions of tls on your web server to make sure that you get the best rating on your ssl labs test and that all best practices are being followed to do that i'm going to show you how we can do that real quick so first of all you will need to open a directory call or the low level command interface called registry editor or regedit in short we're going to open that and you can now get here or find the commands in the written description or the written script that you can run as a dot reg file to make sure that all these low level commands are changed so for now you can follow this with me click on your local machine go to system and now we are gonna go to current control set double one go to control then you go to security providers scroll down go to security providers s channel select the protocols and let's widen this a bit and we can add in the commands for older versions of tls such as sll 2.0 and tls 1.1 and 1.0 to do so we're going to right click on this let's create a new key tls 1.0 and tls 1.1 if you click on ssl 3.0 you will see that we have to create it for both client and server so again create new key client new queue again server the same for tls 1.1 client and server so go to the client folder now click on new the device 32-bit value and type it exactly as i'm typing now disabled by d4 make sure the respective letters are in capital right click modify and change it to one do it that's it for the same on the server side new device value disabled by default modify one save the same for the tls 1.1 protocol disable by default new deeper value oh i'm sorry let's delete this we're going to modify this to one this will disable the older versions of ssl protocols such as tls 1.1 and 1.0 on both the client and server side so you can maintain the best chain or the best practices for encryption on your website change it to one and click on ok so once you're done with that you can restart your is web server so head over to your web server again and click on restart but it is best to restart your web server it's it and wait for these changes to be incorporated so once you're done with that you can head over to website called sslabs.com and test your service ssl configuration how well does your ssl certificates do type in your domain name within https colon double slash your domain name dot com or you can copy and paste it and click on submit okay so we're done with the iso labs test and we've got an overall rating of a thanks to our efforts to disable older versions of protocols such as tls 1.0 and 1.1 which you can see here these are disabled and this side for shields suites look good everything is good to go basically if you've got an overall rating of better a or better than a then you're pretty much good to go the ssl certificate is working perfectly on your site so you can expect to stay as safe as possible so i hope that you were easily able to install an ssl certificate on your website while the is 10 web server if you've got any problems or doubts you can type them in the comments below also i forgot to mention that there is a written guide attached in the description of this video and that's it so if you were easily able to install an ssl certificate on your website please like this video questions put them in the comments below and thanks for watching and until next time then

Info

Channel: SSLTrust

Views: 2,106

Rating: undefined out of 5

Keywords: windows, iis, iis10, domains, ssl, tls, install, howto, guide, help, instructions, certificate, hosting, secure, https, padlock, website, domain, https://, Internet Information Services, Microsoft, Microsoft Internet Information Services

Id: drqOusSPWVo

Channel Id: undefined

Length: 19min 7sec (1147 seconds)

Published: Sun Jul 25 2021