Domain Name, SSL And IIS Process Integration

Basic Concepts

Secure Socket Layer (SSL)

Transport Layer Security (TLS)

Public Key Infrastructure (PKI):

Certificate Authority (CA):

Certificate Signing Request (CSR)

Information included:

Private Key:

CA Bundle:

Certificate formats:

PEM (X.509 standard)

PKCS 12 standard

“A” Record:

Maps a domain name to the IP address (Version 4) of the computer hosting the domain.

Domain Name

Is an identification string that defines a realm of administrative autonomy, authority, or control within the Internet.

Buying A Domain Name

The first step is to buy a domain name.

I bought “awesomedefaultwebsite.space”:

If we go ahead and make a request right now we will see the following:

This usually happens because the “A” Record is pointing to a “dummy IP address”, in this case: “66.96.162.129”.

An A record uses a domain name to find the IP address of a computer connected to the internet.

Let us change the “A” record to 143.166.83.38 (“https://www.dell.com/”).

The record's Time To Live (TTL) partly determines how long this change takes to take effect.

I waited a couple of minutes and made another request:

It first enters “awesomedefaultwebsite.space” and is then redirected to “www.dell.com”, as this is the IP that our “A Record” is pointing to.

Generating SSL Certificate

You can generate an SSL certificate with various tools, such as OpenSSL. I am going to use the “sslforfree.com” service.

Create the certificate and verify information

It will ask you to choose a verification method. I chose the CNAME option for verification.

It will make you create a CNAME record with a specific name and content.

It will get verified and now you can download it!

Let us send this whole folder to the Server.

IIS

At this point, we need to convert our certificates into “.pfx” format. Remember that this format includes the private key. For personal use you can use online SSL converters, such as SSL Converter.

However, as the private key must always remain private, it is best to do this process locally. I am going to use OpenSSL.

[openssl] pkcs12 -export -out [desiredNameWhenExported.pfx] -inkey [NameOfPrivateKey].key -in [YourCertificate].crt -certfile [IntermediateCertificate].crt

MMC

Now we need to place the certificate in the Local Computer > Personal > Certificates store. This is the store IIS reads from.

File > Add/Remove Snap-in > Certificates > Add > Computer Account > Next > Finish > OK

There is no need to add this certificate to “Trusted Certificates”, as the CA of your certificate should already be in your trusted certificates.

IIS Binding

Open IIS Manager, choose your site, create an HTTPS binding, set the hostname for which the certificate was issued, and select the correct certificate from the dropdown.

Let us make a request:

• Remember to change the “A Record” so that it points to our VM’s public IP.
• Remember to open PORT 443 at VM level as well.
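The MMC import and IIS binding steps above can also be scripted from an elevated PowerShell prompt. This is an added example, not part of the original article; the .pfx path, the site name and the firewall rule name are assumptions, and it relies on the built-in PKI, WebAdministration and NetSecurity modules.

```powershell
# Assumed values (not from the article): adjust to your server.
$PfxPath  = 'C:\certs\site.pfx'            # hypothetical path of the exported .pfx
$SiteName = 'Default Web Site'             # assumption: name of the IIS site
$HostName = 'awesomedefaultwebsite.space'  # hostname the certificate was issued for

Import-Module WebAdministration

# Prompt for the export password instead of hard-coding it in the script.
$PfxPassword = Read-Host -Prompt 'PFX export password' -AsSecureString

# Import into Local Computer > Personal (Cert:\LocalMachine\My), the store IIS reads.
# -Exportable is not passed, so the private key cannot be exported again from this server.
$cert = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation Cert:\LocalMachine\My -Password $PfxPassword

# Fail early on the mistakes that otherwise surface as a broken binding.
if (-not $cert.HasPrivateKey) {
    throw 'Imported certificate has no private key; rebuild the .pfx with -inkey.'
}
# Checks the chain up to a trusted root, validity dates and that the name matches.
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $HostName)) {
    throw "Certificate is not valid for $HostName or its chain is not trusted."
}

# Create the HTTPS binding (SslFlags 1 = SNI) if it does not exist yet.
if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName)) {
    New-WebBinding -Name $SiteName -Protocol https -Port 443 `
        -HostHeader $HostName -SslFlags 1
}

# Attach the certificate from the 'My' (Personal) store to the binding.
$binding = Get-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Open port 443 in Windows Firewall. Any cloud-level network rule is separate.
New-NetFirewallRule -DisplayName 'IIS HTTPS inbound (example)' -Direction Inbound `
    -Protocol TCP -LocalPort 443 -Action Allow | Out-Null

# The .pfx still holds the private key: remove the copy on disk once imported.
Remove-Item -Path $PfxPath
```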

Conclusion

In this article we reviewed the whole process of buying a domain name, generating an SSL certificate, and binding it to IIS. The certificate in “.pfx” format is important because it contains the Private Key, which the server uses to decrypt data that the client encrypted with the Public Key.

Keep in mind:

This is one example of how this process can be done. There are hundreds of different services that achieve the same outcome. Regardless, they all share the same basic principles, and the process should be roughly the same.
