How to Setup Free SSL on your website in IIS 8

The Site I used for this example is

  • Create an account
    • This will let you create 3 free 90 day CERTS
  • Click New Certificate
  • Enter your domain:
  • Select 90-Day Certificate
  • Auto-Generate CSR
  • Select the Free Plan

Your Certificate has been created

  • Email it to yourself
    • Must be admin email
  • Click Verify Domain
    • Email will be sent to your admin
    • This may take a few minutes
  • Copy the Verification Key from email
  • Go To Verification Page from email
  • Paste in the Verification Code
  • Certificate will be Issued
    • You will get a notification email
  • Click the Install Certificate link from the email

Download Certificate

  • This is a zip file with the following:
    • ca_bundle.crt
    • certificate.crt
    • private.key

We need to convert this to PFX/PKCS#12 so that IIS 8 can read this.

  • Go to:
    • Certificate File to Convert: certificate.crt
    • Type of Current Certificate: Standard PEM
    • Type To Convert To: PFX/PKCS#12
    • Private Key File: private.key
    • Chain Certificate File: ca_bundle.crt
  • Click “Convert Certificate”
  • You will download “certificate.pfx”

Upload all 4 files to your webserver that runs IIS

  • ca_bundle.crt
  • certificate.crt
  • certificate.pfx
  • private.key

On your webserver

  • Right-click: ca_bundle.crt
  • Install Certificate
    • Local Machine
    • Automatically select the certificate store based on the type of certificate
    • Next/Finish

Start IIS 8 Manager

  • Click Your Server
  • Open “Server Certificates”
  • Click “Complete Certificate Request”
    • File name containing the certification authority’s response: certificate.pfx
    • Fill in Friendly Name: www ReynoldTech yyyy-mm-dd
    • You can delete the old one later…
    • Select a certificate store for the new certificate: Personal
  • Navigate to “Sites”
  • Select your website
  • Click “Bindings”
    • If you are renewing, just select the new SSL certificate (Edit)
    • Add
      • Type: https
      • IP address: All Unassigned
      • Port: 443
      • Host name:
      • Check: Require Server Name Indication
      • SSL certificate: www ReynoldTech yyyy-mm-dd
  • Restart your website
  • Your website is now secure:
  • If this was a certificate renewal, you can now revoke your old certificate on ZeroSSL or just let it expire

Notes, Refences, and Special Thanks

Next Logical step is to set up a permanent redirect, see this:

This is for most of the IIS setup, but won’t work unless you convert to pfx first:

This YouTube video helped me: (Note, this is in Vietnamese I think, but I was able to follow on how to convert to pfx)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.