IIS Self Signed

 

Securing the server with SSL
Now we want to secure the cats by adding an SSL certificate to our server.
In your IIS Manager go to your server (The top of the tree to the left) 
➜ Scroll down and double-click Server Certificates.


(If your self-signed certificate is already here, jump ahead to the bindings steps)

We need to import our self-signed server certificate in order to enable https communication with SSL, so click Import…


Click the … and find your .pfx file, fill out the password (the -po parameter in your command batch file) and click OK


Your certificate is now added


Double-click the newly added cert to verify that it is trusted (Your self-signed certificates were added to the correct stores in my previous post, so again: read it if you are lost right now ;-))


So far, so good! Now we can add the https binding the same way as before, but choose https with port 443, your domain as the host name, and find your self-signed certificate in the drop-down list.


Check the Server Name Indication box, which enables our server to have multiple certificates installed on the same IP address by sending the hostname with the first stage of the SSL handshake. Repeat the same steps to add SSL for www.yourdomain.com, but with a certificate where the CN matches the domain name, or with a wildcard certificate.


Our bindings are complete for now.

Tadaa, you can now use https://yourdomain.com/api/cats and https://www.yourdomain.com/api/cats.
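The same import and binding steps can be scripted. This is an added example, not part of the original post; the site name and .pfx path are placeholders, and it assumes the WebAdministration module and the machine's Personal store (LocalMachine\My).

```powershell
#Requires -RunAsAdministrator
Import-Module WebAdministration

$SiteName = 'CatsSite'                 # hypothetical IIS site name
$HostName = 'yourdomain.com'           # host name used in the post
$PfxPath  = 'C:\certs\yourdomain.pfx'  # hypothetical path to the exported .pfx

# Prompt for the .pfx password instead of hard-coding it in the script.
$PfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Import into the Personal store and keep the certificate that carries the private key.
$cert = Import-PfxCertificate -FilePath $PfxPath `
            -CertStoreLocation Cert:\LocalMachine\My -Password $PfxPassword |
        Where-Object HasPrivateKey | Select-Object -First 1
if (-not $cert) { throw 'No certificate with a private key was imported.' }

# Refuse to bind a certificate that is untrusted, expired or issued for another name.
# This is the scripted form of double-clicking the certificate to verify it.
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $HostName -ErrorAction SilentlyContinue)) {
    throw "Certificate $($cert.Thumbprint) is not trusted or does not match $HostName."
}

# Create the https binding on port 443 with Server Name Indication (SslFlags 1 = SNI).
New-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName -SslFlags 1

# Attach the certificate from the Personal store to the new binding.
$binding = Get-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Show the resulting https bindings for the site.
Get-WebBinding -Name $SiteName -Protocol https |
    Select-Object protocol, bindingInformation, sslFlags
```

Run it again with `$HostName = 'www.yourdomain.com'` and the matching certificate to add the second binding.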

NOTE: Firefox does not use the Windows certificate store, so you will have to add your root CA manually. Go to Firefox Settings ➜ Options ➜ Advanced ➜ View Certificates ➜ Authorities ➜ import your CARoot.cer file

IIS Client Certificate Mapping Authentication
We have now been through the uses of the root and server certificates, and you are probably wondering what to do with the client certificate we also created in my previous post. This is for situations where we need to authenticate clients without a user login and password: the server asks the client to show its certificate, and if it is the correct one, the client is allowed in. This can be done with a Many-To-One or a One-To-One mapping, and I will show you how to do both manually in the IIS Manager.

 
