How to Create a Certificate for an IIS Site Hosting a .NET App for Internal and External Access

How do I configure SSL certificates for my on-premises installations of SurePassID Components?


This guide is designed to help you create and configure a certificate for an Internet Information Services (IIS) site hosting a .NET application. The certificate will be configured for both internal and external use, with multiple Fully Qualified Domain Names (FQDNs) using Subject Alternative Names (SANs). Modern browsers match the hostname against the SAN list only and ignore the Common Name, so every FQDN must appear as a SAN for the site to load without warnings.

**Requirements:**
- Access to IIS Manager.
- Permission to request or import a certificate.
- Knowledge of your site’s FQDNs.

**Steps:**

1. **Determine Your FQDNs:**
   - Identify the FQDNs your .NET app will use internally and externally. Example: `internalapp.company.com`, `externalapp.company.com`.

2. **Choose a Certificate Authority (CA):**
   - For external access, use a publicly trusted CA such as Let's Encrypt or VeriSign.
   - For internal use, you may use a private CA or self-signed certificate, but a trusted CA is recommended for better compatibility.

3. **Create a Certificate Signing Request (CSR):**
   - Open IIS Manager.
   - Go to your server name → “Server Certificates”.
   - Click “Create Certificate Request”.
   - Fill in your organization details and the **Common Name (CN)**. The CN should be one of your FQDNs.
   - Specify SANs to include all FQDNs.

4. **Submit CSR to CA:**
   - Send the CSR to your chosen CA.
   - For a trusted CA, follow their process to validate your domain and get the certificate.
   - For an internal CA or a self-signed certificate, use your organization's process.

5. **Install the Certificate:**
   - Once you receive the certificate, go back to IIS Manager.
   - Click “Complete Certificate Request”.
   - Browse to your certificate file and complete the installation.

6. **Bind the Certificate to Your Site:**
   - In IIS Manager, go to “Sites” and select your .NET application site.
   - Click “Bindings” in the right pane.
   - Add (or edit) an HTTPS binding.
   - In the “SSL certificate” dropdown, select your installed certificate.

7. **Test Your Configuration:**
   - Access your site using HTTPS and each FQDN.
   - Verify there are no browser security warnings.
   - For internal testing, ensure your internal DNS resolves the FQDNs to the IIS server.

8. **Maintain Certificate Validity:**
   - Keep track of the certificate’s expiry date.
   - Renew the certificate before it expires to avoid service disruption.
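The IIS Manager "Create Certificate Request" wizard has no field for SANs, so the added PowerShell below (not part of the original guide) covers steps 3 to 8 with certreq.exe and the IISAdministration module instead: it builds a CSR listing every FQDN as a SAN, installs the issued certificate, adds one SNI binding per FQDN, and checks SAN coverage and remaining validity. The FQDNs, site name, organization fields, file paths and the 30-day renewal threshold are assumed values; run it in an elevated PowerShell on the IIS server (Windows Server 2016 or later for IISAdministration), pausing after the CSR is generated until the CA has returned request.cer.

```powershell
# Added example, not from the SurePassID guide. Assumed values below.
$Fqdns    = @('externalapp.company.com', 'internalapp.company.com')
$SiteName = 'SurePassID'        # assumed IIS site name
$Work     = 'C:\certs'          # assumed working folder
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# Step 3: certreq INF. CN = first FQDN; SAN extension (OID 2.5.29.17) lists all.
# KeyUsage 0xA0 = digitalSignature + keyEncipherment; EKU = server authentication.
$sanValue = ($Fqdns | ForEach-Object { "dns=$_" }) -join '&'
@"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$($Fqdns[0]), O=Company, L=City, S=State, C=US"
KeyLength = 2048
KeyAlgorithm = RSA
HashAlgorithm = sha256
MachineKeySet = TRUE
KeySpec = 1
KeyUsage = 0xA0
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}$sanValue"
"@ | Set-Content "$Work\request.inf" -Encoding ASCII

certreq.exe -new "$Work\request.inf" "$Work\request.csr"     # step 3: CSR
# Step 4: submit request.csr to the CA; save the issued cert as $Work\request.cer.
certreq.exe -accept "$Work\request.cer"                       # step 5: install

# Step 6: one SNI binding per FQDN, all using the newest cert issued for the CN.
Import-Module IISAdministration
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "CN=$($Fqdns[0])*" } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
foreach ($fqdn in $Fqdns) {
    New-IISSiteBinding -Name $SiteName -BindingInformation "*:443:$fqdn" -Protocol https `
        -CertificateThumbPrint $cert.Thumbprint -CertStoreLocation 'Cert:\LocalMachine\My' -SslFlag Sni
}

# Steps 7 and 8: every FQDN must be a SAN and the cert must not be near expiry.
function Test-SiteCertificate {
    param($Cert, [string[]]$ExpectedFqdns, [int]$MinDays = 30)
    $sans     = @($Cert.DnsNameList | ForEach-Object { $_.Unicode.ToLower() })
    $missing  = @($ExpectedFqdns | Where-Object { $sans -notcontains $_.ToLower() })
    $daysLeft = [int]($Cert.NotAfter - (Get-Date)).TotalDays
    [pscustomobject]@{ MissingSans = $missing; DaysLeft = $daysLeft
                       Ok = ($missing.Count -eq 0) -and ($daysLeft -ge $MinDays) }
}
Test-SiteCertificate -Cert $cert -ExpectedFqdns $Fqdns
```

Schedule the final check as a recurring task so an approaching expiry (step 8) is noticed before browsers start warning.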

**Conclusion:**
By following these steps, you will have a certificate that supports multiple FQDNs, ensuring secure and reliable access to your .NET application both internally and externally. Remember, regular maintenance and monitoring of the certificate's validity are essential for uninterrupted service.

**Note:** This guide assumes a basic understanding of IIS and SSL/TLS concepts. If you encounter issues, consult the documentation of your specific IIS version or reach out to your CA for assistance.