
Installing a Wildcard SSL for IIS (Passcore)

September 28, 2020 | Keith Larson

How to Install SSL Certificate using IIS for Passcore

I have been working on several web projects recently where I needed to secure an application running on IIS to provide an encrypted connection to the website. I detailed the process for purchasing a wildcard certificate here. Now I want to demonstrate how to install that certificate to secure your website.

My example is running IIS on Windows Server 2016 Standard. For this instance, I purchased a wildcard certificate (*.sps-k12.com) so I have a star_sps-k12_com.pfx that needs to be copied somewhere locally on my server. I’ll copy it to c:\tools\.

Navigate to “Administrative Tools” and run “Internet Information Services (IIS) Manager”. Select your server name and open “Server Certificates”.


Select the “Import” action to open the “Import Certificate” wizard. Browse to your .PFX file. Enter the password that you assigned to your private key, leave the certificate store set to “Personal” and keep “Allow this certificate to be exported” checked. If the certificate imports properly, it will appear in the list of certificates.

Now we need to make some adjustments to the bindings on the website to take advantage of the new certificate. The example that I’m using was an instance of PassCore, the open source project for password self-service for Active Directory. See more information about this project here.

When you install IIS, you automatically get a “Default Web Site”, but this isn’t what we want to use. I have not been able to find a way to disable or delete this, so I simply change the binding on this to use port 81, so that it is out of the way for my production application to use 80 and 443. To do this, right-click on “Default Web Site” and select “Bindings”.


Then click “Edit” and change the port from 80 to 81. Click OK and Close to save these settings.

Next, right-click on “PassCore” or your production application and select “Bindings”. If you use the PowerShell installation script for PassCore, it defaults to port 8080. Select the http binding and click “Edit”. Change the port to 80 and enter the hostname that you intend to use. In my case, I am using passcore.sps-k12.com.


Now we want to add a binding for https. Under “Site Bindings”, click “Add”. Select “https” as the type and verify that the port is 443. Enter the same hostname as the http binding (passcore.sps-k12.com for my server). Check the “Require Server Name Indication” checkbox. Under the “SSL Certificate” drop-down you should see your newly installed certificate. Select it and click “OK” to save the settings.


Now you can close your “Site Bindings” dialog. Select your server and under “Manage Server”, click “Stop” and then “Start” to activate all of the new settings.

Next, it is important that you have a DNS entry that resolves the hostname that you used for the website binding to the IP address of this server. To test that, open a browser and type https:// followed by your hostname. For my example that would be https://passcore.sps-k12.com.

I get a closed lock displayed in front of the URL, showing that the session is secured. You can right-click on the lock to see the details of the certificate and confirm that it is indeed valid. Now you can be assured that the connection to this website is encrypted and therefore safer for operations like managing passwords. Again, if you need the details on the process for purchasing a wildcard certificate click here.
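The same import and binding steps can be scripted instead of clicked through. The PowerShell below is an added example, not part of the original article or the PassCore project. It assumes the IIS site is named PassCore, that the existing http bindings are `*:80:` on “Default Web Site” and `*:8080:` on PassCore, and that the WebAdministration module is installed.

```powershell
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'       # abort on the first failed step
Import-Module WebAdministration

# Values taken from the article; adjust for your environment.
$pfxPath  = 'C:\tools\star_sps-k12_com.pfx'
$siteName = 'PassCore'                # assumed IIS site name
$hostName = 'passcore.sps-k12.com'

# Prompt for the PFX password so it never lands in the script or shell history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Import into LocalMachine\My (the "Personal" store in the wizard).
# -Exportable matches the checkbox the article leaves ticked; omit it to
# mark the private key as non-exportable on this server.
$cert = Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -Password $pfxPassword -Exportable

# Refuse to bind a certificate that cannot be used for TLS.
if (-not $cert.HasPrivateKey) { throw 'Imported certificate has no private key.' }
if ($cert.NotAfter -le (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# Move "Default Web Site" from port 80 to 81 (assumes its binding is *:80:).
Set-WebBinding -Name 'Default Web Site' -BindingInformation '*:80:' `
    -PropertyName Port -Value 81

# Replace the installer's http binding on 8080 with port 80 plus the hostname.
Remove-WebBinding -Name $siteName -Protocol http -Port 8080
New-WebBinding -Name $siteName -Protocol http -Port 80 -HostHeader $hostName

# Add the https binding with SNI required (SslFlags 1) and attach the certificate.
New-WebBinding -Name $siteName -Protocol https -Port 443 `
    -HostHeader $hostName -SslFlags 1
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443 `
    -HostHeader $hostName
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Show the resulting bindings for review.
Get-WebBinding -Name $siteName |
    Select-Object protocol, bindingInformation, sslFlags
```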
