Monday, November 25, 2019

[Let’s Encrypt] Apply a free SSL cert to IIS

 SSL For Free   Let’s Encrypt   IIS  


Introduction

This article shows how to get an SSL certificate and apply it to IIS in 5 minutes XD
See the wiki for more details on the non-profit certificate authority Let’s Encrypt.



Environment


Windows Server 2016
IIS 10



Steps



Create Free SSL Certificate

Go to SSL For Free and

1.  Enter your domain name
2.  Click [Create Free SSL Certificate]




Next click [Manual Verification] -> [Manually Verify Domain],




We will:

1.  Download the verification file (called “Download File #1” in the picture below)
2.  Put the file on our website for verification (note that the site MUST be served on port 80 or 443)
3.  Self-check that the verification file can be accessed through the given link
4.  Click the [Download SSL Certificate] button to get the SSL certificate!


Since I am a .NET guy, I will create a fake site on IIS for steps 2 & 3.







How to create a fake site on IIS for verification

The point is that the verification file must be accessible at http://[domain_name]/.well-known/acme-challenge/xxxxxxxxxxx
Create a website on IIS, then create the directories under its root directory and put the file inside,






Go to IIS Manager -> [MIME Types],





Add a new MIME Type:

File name extension: .
MIME type: text/plain



Or declare the MIME type in Web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <staticContent>
            <mimeMap fileExtension="." mimeType="text/plain" />
        </staticContent>
    </system.webServer>
</configuration>


And then the file can be accessed like this,
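
The steps of this section as a PowerShell script. This is an added example, not code from the original article. The domain, the site name `acme-verify` and all paths are placeholders, and the web.config is written into the challenge directory (an assumption of this example) so the extensionless MIME map applies only there and not to the rest of the site.

```powershell
# Added example: every name and path below is a placeholder, not a value from the article.
$Domain    = 'example.com'             # placeholder domain
$SiteName  = 'acme-verify'             # hypothetical name for the temporary site
$SiteRoot  = 'C:\inetpub\acme-verify'  # hypothetical site root
$TokenFile = 'C:\Temp\xxxxxxxxxxx'     # the downloaded "Download File #1"

Import-Module WebAdministration

# 1. Directory layout that will be requested: /.well-known/acme-challenge/<file>
$ChallengeDir = Join-Path $SiteRoot '.well-known\acme-challenge'
New-Item -ItemType Directory -Path $ChallengeDir -Force | Out-Null
Copy-Item -Path $TokenFile -Destination $ChallengeDir -Force

# 2. MIME map for extensionless files, scoped to the challenge directory only.
#    <remove> avoids a duplicate-entry error if a parent config already maps ".".
@'
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <staticContent>
            <remove fileExtension="." />
            <mimeMap fileExtension="." mimeType="text/plain" />
        </staticContent>
    </system.webServer>
</configuration>
'@ | Set-Content -Path (Join-Path $ChallengeDir 'web.config') -Encoding UTF8

# 3. Temporary site on port 80 bound to the domain (created only if missing).
if (-not (Test-Path "IIS:\Sites\$SiteName")) {
    New-Website -Name $SiteName -PhysicalPath $SiteRoot -Port 80 -HostHeader $Domain | Out-Null
}

# 4. Self-check: the served body must equal the downloaded file.
$Url      = "http://$Domain/.well-known/acme-challenge/$(Split-Path $TokenFile -Leaf)"
$Expected = (Get-Content -Path $TokenFile -Raw).Trim()
$Response = Invoke-WebRequest -Uri $Url -UseBasicParsing   # throws on non-2xx status
$Body     = if ($Response.Content -is [byte[]]) {
                [Text.Encoding]::UTF8.GetString($Response.Content)
            } else { $Response.Content }

if ($Body.Trim() -eq $Expected) {
    "OK: $Url serves the verification file as $($Response.Headers['Content-Type'])"
} else {
    throw "Content served at $Url does not match $TokenFile"
}
```

Once the certificate has been downloaded, the temporary site and the challenge directory can be removed.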




Import SSL certificate to IIS

If everything is done, we will get a zip file which contains:





Since IIS supports PFX files, use the following OpenSSL command to generate the PFX,

openssl pkcs12 -export -out xxx.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt


Now we can import the PFX into IIS and get it working!




Result:






Reference


Free SSL Application (免費 SSL 申請), John Wu






