How To Generate Ssl Certificate In Windows Server 2012 R2

Use the DigiCert^® Certificate Utility for Windows to create a CSR and install your SSL certificate on Windows Server 2012

These instructions explain how to utilise the DigiCert Certificate Utility for Windows with IIS viii and IIS eight.v to create your CSR, to install your SSL document, and to configure your Windows Server 2012 to employ the certificate.

DigiCert Certificate Utility for Windows

For a simpler way to create your CSRs (Document Signing Requests) and install and manage your SSL certificates, nosotros recommend that you utilise the DigiCert Certificate Utility. For more than information about our utility, see DigiCert Certificate Utility.

Use the instructions on this page to create your certificate signing request (CSR) and to install and configure your SSL certificate.

1. To create your CSR, meet Windows Server 2012: Creating Your CSR with the DigiCert Utility.

2. To install your SSL document, see Windows Server 2012: Using the DigiCert Utility & IIS 8 or IIS 8.5 to Install and Configure Your SSL Document.

If you lot prefer not to utilise the DigiCert Utility, or for some reason cannot employ the utility, see IIS eight and IIS 8.5: Create CSR and Install SSL Certificate.

Step 1: Create Your CSR on Windows Server 2012 with the DigiCert Utility

The DigiCert Certificate Utility for Windows streamlines the CSR cosmos process by providing easy, one-click CSR creation and certificate installation.

How to Create Your CSR with the DigiCert Utility

1. On your Windows Server 2012, download and save the DigiCert Certificate Utility executable (DigiCertUtil.exe).

2. Open the DigiCert Certificate Utility (double-click DigiCertUtil).

3. In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), and then, click Create CSR.

   

4. On the Create CSR page, provide the following information below and so click Generate.

   Certificate Type:	Select SSL.
   Common Name:	The fully-qualified domain name (FQDN) (due east.g., www.example.com).
   Bailiwick Alternative Names:	If you lot are requesting a Multi-Domain (SAN) Certificate, enter whatsoever SANs that you want to include (due east.g., www.example.com, www.example2.com, and www.example3.net).
   Organization:	Your visitor's legally registered name (due east.thou., YourCompany, Inc.).
   Department:	The name of your section within the organization. This entry volition commonly be listed every bit "IT", "Web Security", or is merely left blank.
   Metropolis:	The city where your visitor is legally located.
   State:	Apply the driblet-down listing to select the land where your company is legally located. Note: If your visitor is located outside the US, yous can type the applicable proper name in the box.
   Country:	Use the drib-downwards list to select the country where your company is legally located.
   Key Size:	In the driblet-downward list, select 2048 (unless you have a specific reason for using a larger fleck length).
   Provider:	In the drib-down listing, select Microsoft RSA SChannel Cryptographic Provider (unless you have a specific cryptographic provider).

   

5. On DigiCert Certificate Utility for Windows^© - Create CSR page, do i of the following:

   ClickCopy CSR.

   Copies the document contents to the clipboard. Use this option if you are ready to paste the CSR into the DigiCert order form. Note: Because the DigiCert Certificate Utility does not store CSRs, we recommend you paste the CSR into a text editor (such as Notepad) when using this option. If you close the CSR page and accidentally overwrite the clipboard contents without doing this, you will demand to generate a new CSR.

   ClickSave to File.

   Saves the CSR equally a .txt file to the Windows Server 2012. (Nosotros recommend using this option.)

   

6. Click Close.

7. If y'all saved the CSR to a file, open the CSR file using a text editor (such as Notepad). Then, copy the text (including the -----Begin NEW Certificate REQUEST----- and -----END NEW CERTIFICATE Asking----- tags), and paste information technology into the DigiCert order form.

8. After receiving your SSL document from DigiCert, you can use the DigiCert Certificate Utility to install it.

Step 2: Install Your SSL Certificate on Windows Server 2012 Using the DigiCert Utility

If you lot haven't created your CSR with the DigiCert Certificate Utility and ordered your SSL document, see Windows Server 2012: Creating Your CSR with the DigiCert Utility.

After DigiCert validates your guild and bug your SSL certificate, you can employ the DigiCert Document Utility to install the certificate file to your Windows Server 2012. So you lot can use IIS 8 or IIS 8.5 to configure the server to utilize it.

To install your SSL certificate on your Windows Server 2012, complete the steps below.

1. Import your SSL document to your Windows Server 2012 using the DigiCert Document Utility.

2. Configure your Windows Server 2012 to use the SSL certificate using IIS 8 or IIS 8.v.

i. Import Your SSL Certificate Using the DigiCert Certificate Utility

Afterwards DigiCert issues your SSL certificate, you can apply the DigiCert Certificate Utility to install the certificate file to your Windows Server 2012.

Microsoft Certificate Store Note:
When you use the DigiCert Certificate Utility to import/install your SSL certificates, it volition place the certificates in the Personal store instead of the Spider web Hosting store. If yous have less than xxx certificates, this will non exist a problem. Nonetheless, if you are managing 30 or more certificates, y'all volition demand to move your certificates to the Web Hosting store, which was designed for a greater number of certificates. Encounter Move a Certificate from the Personal Store to the Web Hosting Certificate Store.

How to Import an SSL Certificate to Your Windows Server 2012

1. On the Windows 2012 server, where you created the CSR, extract the contents of the Zip file y'all received from DigiCert (e.m., your_domain_com.cer) to the folder where you saved the DigiCert Certificate Utility executable (DigiCertUtil.exe).

2. Open the DigiCert Certificate Utility (double-click DigiCertUtil).

3. In the DigiCert Certificate Utility for Windows^© , click SSL (golden lock) and then, click Import.

   

4. In the Certificate Import magician, click Browse to locate the .cer certificate file you received from DigiCert (e.g., your_domain_com.cer), and click Open.

   

5. Click Side by side

6. In the Enter a new friendly name or you tin take the default box, blazon a friendly name for the certificate.

   Note: The friendly name is not part of the certificate; instead, it is used to identify the certificate. We recommend that you add the issuing CA (e.1000., DigiCert) and the expiration date to the end of your friendly proper noun; for example, yoursite-digicert-(expiration engagement). Doing this helps place the issuer and expiration date for each certificate and also helps distinguish multiple certificates with the same domain proper name.

   

7. To import the SSL certificate to your server, click Finish.

8. You should receive a bulletin that the certificate was successfully imported, and y'all should now see your SSL document in the DigiCert Certificate Utility for Windows^© .

   

9. (Optional) Repeat the procedure as needed for each additional SSL certificate.

10. Now that yous've successfully installed your SSL certificate, you need to assign the certificate to the advisable site.

two. Configure the Server to Use Your SSL Certificate Using IIS viii or IIS 8.v

After importing your SSL certificate to your Windows Server 2012, you must configure IIS to use the newly imported certificate to secure your website.

• (Single Document) How to configure the server to use your SSL certificate
• (Multiple Certificates) How to configure the server to utilise your SSL certificates using SNI

(Single Certificate) How to configure the server to utilise your SSL certificate

1. On the Windows Server 2012 where you imported your SSL certificate with the DigiCert Certificate Utility, open Internet Data Services (IIS) Managing director.

   From the Start screen, observe Internet Information Services (IIS) Manager and open it.

2. In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed. And so expand Sites and click the site you want to secure using the SSL certificate.

   

3. On the website Home page, in the Deportment menu (right pane), click Bindings.

4. In the Site Bindings window, click Add together.

   

5. In the Add together Site Binding window, practise the following and and so click OK.

   Type:	In the drop-downwardly list, select https.
   IP address:	In the driblet-down list, select the IP accost of the site or select All Unassigned.
   Port:	Type 443. (SSL uses port 443 to secure traffic.)
   SSL certificate:	In the drop-down list, select your new SSL document (east.g., yourdomain.com).

   

6. Your SSL certificate is now installed, and the website is configured to have secure connections.

   

(Multiple Certificates) How to install your SSL certificates and configure the server to apply them using SNI

If you have not imported all your SSL certificates, see Import Your SSL Certificate Using the DigiCert Certificate Utility.

These instructions explain how to install multiple SSL certificates and assign them using SNI. The procedure is split into two parts as follows:

• Assign the Kickoff SSL Certificate
• Assign All Additional Certificates

Assign the First SSL Certificate

Do this starting time set of instructions only one time (for the first SSL certificate).

1. On the Windows Server 2012 where yous imported your SSL certificate with the DigiCert Certificate Utility, open Internet Information Services (IIS) Director.

   From the Get-go screen, find Internet Information Services (IIS) Director and open it.

2. In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the document was installed. And so expand Sites and click the site you want to secure using the SSL document.

   

3. On the website Home page, in the Actions carte du jour (correct pane), click Bindings.

4. In the Site Bindings window, click Add.

   

5. In the Add Site Bounden window, do the post-obit and then click OK.

   Type:	In the drop-down listing, select https.
   IP address:	In the drop-downwardly listing, select the IP accost of the site or select All Unassigned.
   Port:	Blazon 443. (SSL uses port 443 to secure traffic.)
   SSL certificate:	In the drop-down list, select the SSL certificate you installed in Step 7 (due east.thou., yourdomain.com).

   

6. Your first SSL certificate is now installed, and the website is configured to have secure connections.

   

Assign All Additional SSL Certificates

To assign each additional SSL certificate, repeat the steps below (as needed).

1. In Net Data Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed. Then aggrandize Sites and click the site y'all desire to secure using the SSL certificate.

   

2. On the website Home page, in the Deportment menu (right pane), click Bindings.

3. In the Site Bindings window, click Add.

   

4. In the Add Site Binding window, do the following and so click OK.

   Type:	In the drop-downwards listing, select https.
   IP address:	In the drop-down list, select the IP address of the site or select All Unassigned.
   Port:	Type 443. (SSL uses port 443 to secure traffic.)
   Host name:	Blazon the host name that you want to secure.
   Crave server name indication:	Select this checkbox after you lot enter the host name. Notation: This pick is required for any additional certificates/sites after installing the outset document on the master site.
   SSL certificate:	In the driblet-down list, select the SSL document you installed (east.g., yourdomain.com).

   

5. You lot take successfully installed another SSL certificate and configured the website to accept secure connections.

Source: https://www.digicert.com/kb/util/csr-creation-ssl-installation-windows-server-2012.htm

Posted by: johnstonwhiced1949.blogspot.com

Share this post