- 24 Jan 2024
- 4 Minutes to read
- Print
- DarkLight
SSL Certification
- Updated on 24 Jan 2024
- 4 Minutes to read
- Print
- DarkLight
If you are attaching an SSL cert to the application, it needs to be from a Trusted Authority and not a self-signed cert. If it is a self-signed cert and it prompts the user to decide if the website is safe, this will cause issues with CobbleStone®'s OCR and alerts.
Microsoft documentation for setting up SSL on IIS can be found here: https://learn.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis
SSL Certificates on IIS
Contract Insight Enterprise supports the use of SSL certificates for https connections (secured/encrypted connections). Enabling SSL for a Contract Insight application requires a two part process. The first step is generating the Certificate Request from the IIS Server that Contract Insight is running on. The second step is installing the issued SSL Certificate onto the IIS Server that Contract Insight is running on. Once a certificate is installed it can be assigned or bound to the IIS Website for Contract Insight. Below are the steps associated with this two part process.
Creating the Certificate CSR using IIS 7 – IIS 10
Below are the steps for how to generate a CSR in Microsoft IIS 7+.
CSR Creation:
- Click Start, then Administrative Tools, then Internet Information Services (IIS) Manager.
- Click on the server name.
- From the center menu, double-click the "Server Certificates" button in the "Security" section (it is near the bottom of the menu).
- Next, from the "Actions" menu (on the right), click on "Create Certificate Request." This will open the Request Certificate wizard.
- In the "Distinguished Name Properties" window, enter the information as follows:
- Common Name - The name through which the certificate will be accessed (usually the fully-qualified domain name, e.g., www.domain.com or mail.domain.com).
- Organization - The legally registered name of your organization/company.
- Organizational unit - The name of your department within the organization (frequently this entry will be listed as "IT," "Web Security," or is simply left blank).
- City/locality - The city in which your organization is located.
- State/province - The state in which your organization is located.
- Country/region - Select your Country/region.
- Click Next
- In the "Cryptographic Service Provider Properties" window, leave both settings at their defaults (Microsoft RSA SChannel and 2048) and then click next.
- Enter a filename for your CSR file. Remember the filename that you choose and the location to which you save it. You will need to open this file as a text file and copy the entire body of it (including the Begin and End Certificate Request tags) into the online order process when prompted.
Installing the SSL Certificate using IIS 7 – IIS 10
After your issuer provides you with your SSL Certificate, you will first need to install it to the server from which the certificate request was generated.
Installation:
- Open the ZIP file containing your certificate. Save the file named your_domain_name.cer to the desktop of the web server you are securing.
- Click on Start, then Administrative Tools, then Internet Information Services (IIS) Manager.
- Click on the server name.
- From the center menu, double-click the "Server Certificates" button in the "Security" section (near the bottom of the menu).
- From the "Actions" menu (on the right), click on "Complete Certificate Request." This will open the Complete Certificate Request wizard.
- Browse to your_domain_name.cer file that was provided to you by your certificate issuer. You will then be required to enter a friendly name. The friendly name is not part of the certificate itself, but is used by the server administrator to easily distinguish the certificate.
- Clicking "OK" will install the certificate to the server.
- Note that there is a known issue in IIS 7 giving the following error: "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." You may also receive a message stating "ASN1 bad tag value met". If this is the same server that you generated the CSR on then, in most cases, the certificate is actually installed. Simply cancel the dialog and press "F5" to refresh the list of server certificates. If the new certificate is now in the list, you can continue with the next step. If it is not in the list, you will need to reissue your certificate using a new CSR.
- Once the SSL certificate has been successfully installed to the server, you will need to assign that certificate to the appropriate website using IIS.
- From the "Connections" menu in the main Internet Information Services (IIS) Manager window, select the name of the server to which the certificate was installed.
- Under "Sites," select the site to be secured with SSL.
- From the "Actions" menu (on the right), click on "Bindings." This will open the "Site Bindings" window.
- In the "Site Bindings" window, click "Add..." This will open the "Add Site Binding" window.
- Under "Type" choose https. The IP address should be the IP address of the site or All Unassigned, and the port over which traffic will be secured by SSL is usually 443. The "SSL Certificate" field should specify the certificate that was installed in step 7.
- Click "OK"
Your SSL certificate is now installed, and the website configured to accept secure connections.