AD Group Manager Web - Online Manual

To enable SSL for your web application using an Internal Certificate Authority (CA) on a server with IIS 10 and Windows Server 2019, follow these steps:

  1. Create a Certificate Signing Request (CSR) in IIS:
    • Open the IIS Manager (Start > Administrative Tools > Internet Information Services (IIS) Manager).
    • In the left pane, click on your server name, then double-click on “Server Certificates”.
    • Click on “Create Certificate Request”. Fill in the requested information, including your domain name, company name, department, city, state, and country.
    • Choose a Cryptographic Service Provider and set the bit length (2048 is commonly used).
    • Specify a filename and location to save the CSR and click “Finish”.
  2. Submit the CSR to Your Internal CA:
    • Submit the CSR file you just created to your internal CA. The process for this can vary depending on how your internal CA is set up. It might involve a web interface or an email request.
    • Once your internal CA processes the CSR, it will issue an SSL certificate for your domain.
  3. Install the SSL Certificate on IIS:
    • Back in the IIS Manager, click on your server name and then on “Server Certificates”.
    • Click on “Complete Certificate Request”. Browse to the location of the certificate file provided by your internal CA.
    • Enter a friendly name to identify the certificate, select “Web Hosting” as the certificate store, and click “OK”.
  4. Assign the SSL Certificate to Your Website:
    • In the IIS Manager, expand the server name and click on your website.
    • In the right pane, click on “Bindings”.
    • In the “Site Bindings” window, click “Add”. This opens the “Add Site Binding” window.
    • For “Type”, select “https”. Choose the IP address for your website or leave it as “All Unassigned” if applicable. Set the “Port” to 443.
    • From the “SSL certificate” dropdown, select the certificate you just installed.
    • Click “OK” to save this binding.
  5. Test the SSL Installation:
    • After configuring SSL, test it by navigating to https://[your-domain-name] from a browser within your internal network.
    • Ensure the site loads over a secure connection and the browser does not show any security warnings.
  6. Configure SSL/TLS Settings (Optional):
    • You can further configure SSL/TLS settings, such as cipher suites and protocols, using the IIS Crypto tool or directly through IIS Manager. This step is optional but recommended for enhancing security.
  7. Update Internal DNS (If Necessary):
    • If your internal DNS does not already resolve the domain name to the correct IP address, update your DNS records accordingly.

By following these steps, you can enable SSL for your internal web application using your company’s internal CA. This will ensure encrypted connections within your company network. Remember, this setup is intended for internal use only: the SSL certificate will not be recognized by parties outside your organization.
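
The results of steps 3 to 5 can also be checked from an elevated PowerShell prompt on the server. This is an added example, not part of the original manual; the site name and host name are placeholders, and it assumes the WebAdministration and PKI modules present on Windows Server 2019 with IIS installed.

```powershell
# Added example. 'Default Web Site' and 'app.corp.example' are placeholders; use your own values.
Import-Module WebAdministration

function Test-IisTlsBinding {
    param(
        [string]$SiteName = 'Default Web Site',   # assumed IIS site name
        [string]$HostName = 'app.corp.example'    # assumed internal FQDN users will browse to
    )

    # Step 4: the site needs an https binding on port 443 with a certificate attached.
    $binding = Get-WebBinding -Name $SiteName -Protocol https |
        Where-Object { $_.bindingInformation -match ':443:' } |
        Select-Object -First 1
    if (-not $binding -or -not $binding.certificateHash) {
        throw "No https binding with a certificate on port 443 for site '$SiteName'."
    }

    # Step 3: the bound certificate must exist in the store the binding points at
    # ("WebHosting" when the Web Hosting store was selected in IIS Manager).
    $store = $binding.certificateStoreName
    $cert  = Get-Item -Path "Cert:\LocalMachine\$store\$($binding.certificateHash)" -ErrorAction Stop

    # Step 1: read back the RSA key size chosen in the CSR (null for non-RSA keys).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

    # Step 5: Test-Certificate builds the chain to a trusted root and matches the DNS name,
    # the two conditions behind most browser certificate warnings.
    $trusted = Test-Certificate -Cert $cert -Policy SSL -DNSName $HostName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Store          = $store
        Thumbprint     = $cert.Thumbprint
        Subject        = $cert.Subject
        SanDnsNames    = $cert.DnsNameList.Unicode -join ', '
        HasPrivateKey  = $cert.HasPrivateKey      # False means the CSR's key pair is not on this server
        RsaKeyBits     = if ($rsa) { $rsa.KeySize } else { $null }
        DaysRemaining  = [int]($cert.NotAfter - (Get-Date)).TotalDays
        ChainAndNameOk = [bool]$trusted
    }
}

Test-IisTlsBinding | Format-List
```

If ChainAndNameOk is False, check that the internal CA's root certificate is trusted on the machine and that the certificate's names cover the host name being tested.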



Copyright © Albus Bit SIA