Server Certificates in IIS 8


Certificates are part of Secure Sockets Layer (SSL) encryption. Server certificates enable users to confirm the identity of a Web server before they transmit sensitive data, such as a credit card number. Server certificates also contain the server's public key information so that data can be encrypted and sent back to the server.

To use this feature, follow the steps below.

#1. Open the Internet Information Services (IIS) Manager. You can open IIS from the Start screen by searching for the "inetmgr" command in the search box, or by typing the same command in the Run window.

#2. Click on the Server node.

#3. From the features pane (center pane), double-click "Server Certificates", which is under the IIS features section.


#4. Once you have opened Server Certificates, you will see some elements in the Actions pane and the Features pane.


The following tables give a brief introduction to those elements.

Action Pane Elements:

| Element Name | Description |
| --- | --- |
| Import | Opens the Import Certificate dialog box to restore a lost or damaged certificate that you previously backed up, or to install a certificate sent to you by another user or certification authority (CA). |
| Create Certificate Request | Opens the Request Certificate wizard to provide information about your organization to an external certification authority. |
| Complete Certificate Request | Opens the Complete Certificate Request dialog box to install the certificates that you receive from your certification authority. |
| Create Domain Certificate | Opens the Create Certificate wizard to provide information about your organization to an internal certification authority. |
| Create Self-Signed Certificate | Opens the Create Self-Signed Certificate dialog box to create certificates to use in server testing environments and for troubleshooting third-party certificates. |
| Enable/Disable Automatic Rebind of Renewed Certificate | Automatically rebind a renewed certificate by using Certificate Rebind. |
| View | Opens the Certificate dialog box so that you can view details about a certificate. Select a certificate to see this option. |
| Export | Opens the Export Certificate dialog box to export certificates from a source server when you want to apply the same certificate to a target server, or when you want to back up a certificate and its associated private key. Select a certificate to see this option. |
| Remove | Removes the item that is selected from the list on the feature page. Select a certificate to see this option. |

Feature pane Elements:

| Element Name | Description |
| --- | --- |
| Name | Displays the names of certificates that have been issued to clients that are running on either Internet or intranet hosts. |
| Issued To | Displays the FQDNs (Fully Qualified Domain Name) of either the Internet or intranet hosts to which certificates have been issued. |
| Issued By | Displays the FQDNs of servers that have issued certificates to clients that are running on either Internet or intranet hosts. |
| Expiration Date | Displays the date that the certificate expires. |
| Certificate Hash | Displays binary data produced by using a hashing algorithm. Although this data uniquely identifies a certificate, the hash data cannot be used to trace a certificate because hashing is a one-way process. |
| Certificate Store | Displays the name of the provider that stores the certificate. |


#5. As you can see in the tables above, the Actions pane elements are used in the process of creating the certificate request and completing it. Let's have a deeper look at the Actions pane elements.

Create Certificate Request
  • The first step in creating the server certificate is to generate a certificate request. This request can be submitted to a CA, which will, in turn, generate a certificate that can be installed on the server.
  • Certificate requests can only be configured at a server level. Once a certificate has been installed, it can then be configured for use at a website level.
  • To create the certificate request, click on Create Certificate Request in the Actions pane to begin the process.
  • Enter the details in the dialog box that opens.
  • The Common name property should be filled in with the server name on which the website will answer requests. The remaining fields should be filled in according to the legal status of your organization. Depending on the CA you submit this request to and the type of certificate you are requesting, the CA may verify these details before issuing you a certificate. See the image below if you need help filling these in.

          After filling the details, click on Next to continue.

  • Select the cryptographic provider and bit length that you want to use for this certificate. At the time of writing, 2,048-bit key lengths are considered secure for the foreseeable future. Longer key lengths can be chosen to provide additional security; however, selecting a longer key length puts additional load on both the client and server when performing the SSL/TLS handshake. See the image below if you need help filling these in.

          Click on Next to continue.
  • Choose a file name to save the certificate request to, as shown in the image below, and click Finish to close the wizard.


Note: If you do not specify the file name with a path, the file will be saved in the <Rootfolder>/Windows/System32 directory (C:/Windows/System32).

         At this point, a Certificate Enrollment Request exists in the local machine's certificate store that corresponds with the certificate request file that was just generated. After submitting the certificate request to a CA and receiving your certificate, the new certificate will match the pending Certificate Enrollment Request.

        To view the Certificate Enrollment Request:

             1. In the Windows Start screen, type mmc.exe, and press Enter or type the same in Run window.
             2. Select File and then Add/Remove Snap in.
             3. Select the Certificates snap-in and click Add. Click OK to exit all the dialogs.
             4. Expand the Certificate Enrollment Requests node to see all pending requests.


         The generated certificate request file is now submitted to a CA, which generates a signed certificate. The higher-assurance certificates (that tend to cost more money) involve additional due diligence by the CA.

Complete Certificate Request
  • Once you receive the certificate from the CA, click on Complete Certificate Request in the Actions pane. This will open the Complete Certificate Request wizard.
  • Enter the details in that wizard.
          File name containing the certificate authority's response : File location on your local machine.
          Friendly name     : Enter a friendly name by which you can easily recognize the certificate.
          Certificate Store : You will see two options, named Personal and Web Hosting. The Web Hosting store works like the Personal store, so all of the existing tools work in the same way. The main difference between the Web Hosting store and the Personal store is that the Web Hosting store is designed to scale to higher numbers of certificates.


Click on OK to install the certificate.
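
The two wizards above (Create Certificate Request and Complete Certificate Request) can also be driven from an elevated PowerShell prompt with certreq.exe. This is an added example, not part of the original article; the subject fields, the host name www.example.com and the C:\certs paths are assumed sample values.

```powershell
# Added example: certreq.exe equivalent of the two IIS Manager wizards.
# All names and paths are assumed sample values. Run from an elevated prompt.
$workDir = 'C:\certs'
$infPath = Join-Path $workDir 'www.example.com.inf'
$reqPath = Join-Path $workDir 'www.example.com.req'   # file you send to the CA
$cerPath = Join-Path $workDir 'www.example.com.cer'   # file the CA sends back
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Request policy: the wizard's fields plus settings the wizard does not expose.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=www.example.com, O=Example Corp, L=Seattle, S=Washington, C=US"
KeyLength = 2048
KeySpec = 1
HashAlgorithm = SHA256
MachineKeySet = TRUE
; FALSE keeps the private key on this server; use TRUE if you plan to use Export later.
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
; Server Authentication
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
; Subject Alternative Name, which current browsers check instead of the common name
2.5.29.17 = "{text}"
_continue_ = "dns=www.example.com&"
'@

if (-not (Test-Path $reqPath)) {
    # Step 1: generate the key pair and the PKCS#10 request file.
    Set-Content -Path $infPath -Value $inf -Encoding ASCII
    certreq.exe -new $infPath $reqPath
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }
}

# The pending request and its private key sit in the REQUEST store, which the
# Certificates snap-in shows as "Certificate Enrollment Requests".
Get-ChildItem Cert:\LocalMachine\REQUEST | Format-List Subject, Thumbprint, HasPrivateKey

if (Test-Path $cerPath) {
    # Step 2: pair the CA response with the pending request (installs into Personal).
    certreq.exe -accept -machine $cerPath
    if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed with exit code $LASTEXITCODE" }
}
```

Run it once to produce the request file, place the CA's response at the .cer path, then run it again to complete the request.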

Create Domain Certificate

A domain certificate is an internal certificate that does not have to be issued by an external certification authority (CA). If your Windows domain has a server that acts as a CA, you can create a domain certificate. This approach helps you reduce the cost of issuing certificates and eases certificate deployment.


To request and install a certificate using the Domain Certificate Request, follow the steps below.
  • Click on Create Domain Certificate to begin the certificate request generation process.
  • This will open a new wizard like the one opened for Create Certificate Request. Fill in the details in that wizard and click on Next to continue the process.

  • Enter your CA address in the Online Certificate Authority text box. The CA name takes the form of the Common Name entered when installing Active Directory Certificate Services (by default, <domain name>-<server name>-CA), followed by the FQDN. Then enter a friendly name by which you can easily recognize the certificate.

  • Click on Finish to complete the wizard and submit the request to the designated CA. The certificate will automatically be issued by the CA and installed into the local machine certificate store on the IIS 8.0 server.

Create Self-Signed Certificate


When a CA is not available, a self-signed certificate may be all that is required. This is particularly true in development environments where a developer may simply wish to test that his or her application works over SSL/TLS. A self-signed certificate is one where the server signs its own certificate. Because no machine other than the server trusts it as a CA, any remote machine accessing the site will result in a warning being displayed to the user. To create a self-signed certificate, follow the steps below.

  • Click on Create Self-Signed Certificate to begin the self-signed certificate generation process.
  • This will open a new wizard. Enter the friendly name in the provided text box and select the certificate store.

  • Click on OK to create the self-signed certificate.

View

To view a server certificate installed on your server, follow the steps below.

  • Click on any certificate in the Features pane; the View option will then appear in the Actions pane.

  • Click on View to see the certificate. This opens a dialog box that shows the certificate details.
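
The View dialog shows one certificate at a time. The following added example (not from the original article) reports on every certificate in the Personal and Web Hosting stores with the same columns as the Features pane, and flags expired, soon-to-expire, self-signed and short-key certificates. The function name, the 30-day window and the flag names are assumptions; it needs .NET Framework 4.6 or later.

```powershell
# Added example: report on the certificates in the two stores the wizards offer.
# Get-ServerCertificateReport is a hypothetical helper name; thresholds are assumed.
function Get-ServerCertificateReport {
    param(
        [string[]]$Store = @('Cert:\LocalMachine\My', 'Cert:\LocalMachine\WebHosting'),
        [int]$WarnDays = 30,       # assumed renewal window
        [int]$MinRsaBits = 2048    # key length the article names as secure
    )
    $now = Get-Date
    foreach ($path in $Store) {
        if (-not (Test-Path $path)) { continue }   # store may not exist on older systems
        foreach ($cert in Get-ChildItem -Path $path) {
            # GetRSAPublicKey returns $null for non-RSA keys (requires .NET 4.6+).
            $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
            $bits = if ($rsa) { $rsa.KeySize } else { $null }

            $flags = @()
            if ($cert.NotAfter -lt $now) { $flags += 'EXPIRED' }
            elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { $flags += 'EXPIRES-SOON' }
            # Heuristic: subject equal to issuer means self-issued.
            if ($cert.Subject -eq $cert.Issuer) { $flags += 'SELF-SIGNED' }
            if ($bits -and $bits -lt $MinRsaBits) { $flags += 'SHORT-KEY' }
            # A server certificate without its private key cannot be bound to a site.
            if (-not $cert.HasPrivateKey) { $flags += 'NO-PRIVATE-KEY' }

            [pscustomobject]@{
                Store    = ($path -split '\\')[-1]
                Name     = $cert.FriendlyName
                IssuedTo = $cert.GetNameInfo('SimpleName', $false)
                IssuedBy = $cert.GetNameInfo('SimpleName', $true)
                Expires  = $cert.NotAfter
                Hash     = $cert.Thumbprint
                RsaBits  = $bits
                Flags    = $flags -join ','
            }
        }
    }
}

# Soonest expiry first.
Get-ServerCertificateReport | Sort-Object Expires | Format-Table -AutoSize
```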

Export

To export a certificate that is installed on your server, follow the steps below.
  • Click on any certificate in the Features pane; the Export option will then appear in the Actions pane.
  • Click on Export to take a backup of the certificate. This opens a wizard. Fill in the details in that wizard.
  • Export to is the path where the certificate will be saved. The password is required to secure the certificate and is also used when importing it.
  • After entering the details, click on OK to export the certificate.

Import

This option lets you restore a certificate on the server. There are some situations where you can use this option.
  • When you need to restore a certificate that you received from a user or a Certification Authority (CA).
  • When the certificate that you restored previously got damaged or lost on the server.
When you click on Import in the Actions pane, it opens a dialog box. Enter the certificate details in that dialog box.

          Certificate file  : File location on your local machine.
          Password          : Enter the password that you entered while taking the backup.
          Certificate Store : You will see two options, named Personal and Web Hosting. The Web Hosting store works like the Personal store, so all of the existing tools work in the same way. The main difference between the Web Hosting store and the Personal store is that the Web Hosting store is designed to scale to higher numbers of certificates.

Check the Allow this certificate to be exported check box if you want to export this certificate in the future.


Once you have entered all the details, click OK to import the certificate.
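
The Export and Import dialogs map to the Export-PfxCertificate and Import-PfxCertificate cmdlets. This is an added example, not part of the original article; the thumbprint placeholder, the C:\certs\backup.pfx path and the choice of the Web Hosting store are assumptions.

```powershell
# Added example: back up a server certificate to a PFX file and restore it.
# The thumbprint is a placeholder and the path is an assumed sample value.
$thumbprint = '<THUMBPRINT-OF-YOUR-CERTIFICATE>'
$pfxPath    = 'C:\certs\backup.pfx'
# Prompt for the password so that it is never written into the script.
$password   = Read-Host -Prompt 'PFX password' -AsSecureString

# --- Export (source server) ---
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint"
if (-not $cert.HasPrivateKey) {
    throw 'This certificate has no private key here, so a PFX backup cannot restore the site.'
}
# Fails if the key was created or imported as non-exportable.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password | Out-Null

# The PFX contains the private key: restrict the file to Administrators and SYSTEM.
icacls.exe $pfxPath /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null

# --- Import (target server) ---
# Without -Exportable the private key is imported as non-exportable, which matches
# leaving "Allow this certificate to be exported" unchecked in the dialog.
$imported = Import-PfxCertificate -FilePath $pfxPath -Password $password `
    -CertStoreLocation Cert:\LocalMachine\WebHosting

# Confirm that the restored certificate is the one that was backed up.
if ($imported.Thumbprint -ne $cert.Thumbprint) {
    throw 'Imported certificate does not match the exported one.'
}
$imported | Format-List Subject, NotAfter, Thumbprint, HasPrivateKey
```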

Remove

To remove a certificate that is installed on your server, follow the steps below.
  • Click on any certificate in the Features pane; the Remove option will then appear in the Actions pane.
  • Click on Remove to remove that particular certificate.
  • On clicking Remove, it will show an alert as follows.
Click on Yes to remove the certificate.

Reference: Professional Microsoft IIS 8


How to access the site using domain name instead of localhost in IIS


Whenever we host a website in IIS (Internet Information Services), we usually access it through localhost or through the IP address of that particular machine, as in http://localhost/TestSite/TestPage.aspx

Did you ever think of accessing your website with a domain name as http://www.testsite.com instead of http://localhost/testsite or http://127.0.0.1/testsite on your local machine?

How can I tell my IIS that http://www.testsite.com points to the files on my local computer, so that it does not try to access the internet?

The answer to all these questions is the hosts file.

This file is located in <Windows Root Folder>\System32\Drivers\etc\. For those who install the Windows operating system on the C drive, that is C:\Windows\System32\drivers\etc. You can open this file in Notepad, Notepad++ or any text editor that you have. If you open this file, it will look as follows.


Note: You need administrator privileges to save your changes in this file.

Case 1:
If you want to create a new website that can be accessed through a domain name, follow the steps below.

#1. Open IIS.
#2. Expand the Server node and click on Sites folder.
#3. Click on Add Website in Actions pane.

Note: If you need any help with the above steps, please check my previous post How to Setup a Basic Website in IIS 8.

#4. Enter the details in the Add Website window as follows.


#5. Click on OK to create the website.

#6. If you try to browse your website now, you will see a "webpage is not available" alert in Chrome. You will see the same kind of issue in other browsers.
     This is because the address you entered is looked up on the internet instead of on your localhost.
To overcome this, open the hosts file in any text editor and make the following change.
(add " 127.0.0.1       www.testsite.com " to the hosts file)


Now clear the browser cache and reload the page. It will work as follows.


Case 2:
If you want to use a domain name to access a website that has already been created, follow the steps below.

#1. Open IIS.
#2. Expand the Server node and then expand Sites folder.
#3. Click on the website that you want to access using a domain name and then click on Bindings in the Actions pane.


#4. Select the binding of type http and then click on Edit. This will open a new window as follows.


Enter the host name in the provided text box.
I am entering this as www.google.com because I want to access my site with the Google address.

#5. Now make the change in the hosts file as we did in #6 of Case 1.



#6. Once this change is done, you can access your local website with the Google address.


Note: The changes that you make in the hosts file apply only to the local machine on which that file exists.
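
Because a hosts entry silently overrides DNS for that name on the machine, it helps to add entries without duplicates and to be able to list what is currently overridden. The following is an added example, not part of the original post; Get-HostsEntry and Add-HostsEntry are hypothetical helper names, and the demonstration runs on a constructed sample file rather than the real hosts file.

```powershell
# Added example: read and update a hosts file without creating duplicate entries.
# Changing the real file requires an elevated prompt.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsEntry {
    param([string]$Path = $hostsPath)
    foreach ($line in Get-Content -Path $Path) {
        $text = ($line -split '#', 2)[0].Trim()       # drop comments and padding
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }          # address with no host name
        # One line may map several names to the same address.
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            [pscustomobject]@{ Address = $parts[0]; HostName = $name.ToLowerInvariant() }
        }
    }
}

function Add-HostsEntry {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [string]$Address = '127.0.0.1',
        [string]$Path = $hostsPath
    )
    $wanted = $HostName.ToLowerInvariant()
    $found  = Get-HostsEntry -Path $Path | Where-Object { $_.HostName -eq $wanted }
    if ($found) { return $found }                     # already mapped: leave the file alone

    # If the file does not end with a newline, start the entry on its own line.
    $raw    = [System.IO.File]::ReadAllText($Path)
    $prefix = if ($raw -and -not $raw.EndsWith("`n")) { "`r`n" } else { '' }
    [System.IO.File]::AppendAllText($Path, "$prefix$Address`t$HostName`r`n")
    Get-HostsEntry -Path $Path | Where-Object { $_.HostName -eq $wanted }
}

# Demonstration on a constructed sample file, so the real hosts file is not touched.
$demo = Join-Path $env:TEMP 'hosts.demo'
Set-Content -Path $demo -Value '# constructed sample', '127.0.0.1   localhost'
Add-HostsEntry -HostName 'www.testsite.com' -Path $demo   # writes the mapping
Add-HostsEntry -HostName 'WWW.TESTSITE.COM' -Path $demo   # same name: nothing is written

# Every name this file resolves locally instead of through DNS.
Get-HostsEntry -Path $demo | Where-Object { $_.HostName -ne 'localhost' }
```

Calling Get-HostsEntry without -Path lists the real file, which is a quick way to find a test mapping that was left behind.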


How to Setup a Basic Website in IIS 8


In general, the hosting part of an application is not done by the developer. However, in some scenarios, where the team is small or the application needs to be hosted on a local server, we developers do all the work. In this article, I am going to show how to host an ASP.NET application on IIS 8.

#1. Open the IIS manager either from the Start screen by searching for the "inetmgr" command in the search box or writing the same in the Run window.


Note: You can also achieve the same by going to Control Panel and clicking on Administrative Tools  ( which is under System and Security ) and then select Internet Information Services (IIS).

#2. Once you have opened the Internet Information Services (IIS) Manager, expand the Server node and then click on the Sites folder. Click on Add Website in the Actions pane.


Note: You can also achieve the same by right-clicking on the Sites folder and then selecting Add Website.

#3. Once you click on Add Website, it will open a window. Please enter all the details as per the example provided below.



In that, I have provided the details as follows: Site Name as TestSite, the physical path of the application, and in the binding section I have selected the IP Address as All Unassigned and the Port as 80 (default settings).

After entering the details, press OK to create your site.

#4. If it shows an alert as follows, press Cancel, change the port number and click OK.



#5. To browse your hosted application, right click on the website name and go to Manage Web Site and select Browse.



Note: You can also achieve the same by clicking on Browse in Actions pane.

#6. On clicking on browse, your site will be opened in your default browser as follows.


How to install IIS features on Windows 8


Windows 8 comes with a new version of IIS (Internet Information Services), version 8.

Follow the steps below to install IIS features on Windows 8.

#1. On the Start page search for Control Panel and select the same.

#2. On selecting the Control Panel, this will open up a new window. In that choose Programs.

#3. Under Programs and Features, choose Turn Windows features on or off.

#4. This will open up a Windows Features window as follows.

#5. In the Windows Features list, expand the Internet Information Services node and select the features that you want to install as per your project requirements.

#6. After selecting the features, click OK to apply your changes. This will open a window for applying your changes as follows.

#7. Once this is done, you can open the browser and navigate to localhost by typing http://localhost in the address bar. The default web site opens and should display an IIS 8 image as follows.

#8. The image may be different in your case, as it will show the IIS 8 logo or something similar. This image appears for IIS 8.5; IIS 8.0 shows a different image.
