Skip to main content
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

Installing a wildcard certificate

Hi All,

So I have to admit from the start I am a complete novice when it comes to the world of SSL certificates.

 

I was asked to buy an SSL certificate for one of our servers, so I went to the GoDaddy website and bought a wildcard certificate for about £200. I was provided with a couple of text files one something like generatedprivatekey.txt and another something like generatedcsr.txt and then we had to verify ownership of the domain. I've no idea what i'm supposed to do with the two text files btw and nothing in any guide then or since has told me that I need to do anything with them. 

 

Having confirmed domain ownership I was then able to download a .zip file which contained a .crt, .pem and a .p7b file and helpfully I thought there was a guide to install on IIS which I proceeded to follow.

 

Having installed the .p7b file in the intermediate section of certificate manager I then as directed completed the csr in IIS, went to bindings to bind my https site to the newly purchased certificate.

 

Unfortunately the certificate was in the drop down box for me to select and the csr I'd just created had vanished. I understand that this was due to the crt file I was using not having a private key i.e. no key symbol by the side of it.

 

Someone then pointed out that I should have done a CSR on IIS first and used that to get the cert from GoDaddy, but from memory I don't think I was ever asked for it. It was only after Rekeying the cert that I was able to paste in the CSR text and then download a crt that had a key which I was able to import and then export as a pfx and then use that to complete the csr in IIS and attach it to the website.

 

My question and my point is why is this SO difficult ? If I buy an SSL cert for a website chances are I need something I can use with a website.... Why at the point of sale aren't I asked for the CSR and why don't GoDaddy list all the correct steps required to install this in IIS when clearly what they're offering is simply wrong.

 

Sorry I just about understand now that the process should be;
1. Generate CSR
2. Paste CSR code into GoDaddy website
3. Download Cert
4. Import Cert / Export Cert as pfx
5. Complete CSR in IIS
6. Bind to IIS website

It would have saved me hours of agony if the guide had said this.
Am I missing something or am I right that this whole process is made more difficult than it needs to be ?

1 ACCEPTED SOLUTION

I just 'discovered' the process you outlined above, and yes, that is the correct process.

 

One key piece of info to add might be that you want to do Step 1 ON THE SERVER YOU PLAN TO INITIALLY INSTALL THE CERT ON.

Also, with the various files, which have to be able to support any web server, on any platform, the process is by definition going to be confusing.

 

However, as usual, the folks at Microsoft have made it super-simple, if you can find out the right steps.

 

What I mean is that after generating the CSR from IIS and copying it in the GoDaddy web page, then downloading and unzipping the zip file, you can just double-click on the .crt file, export it WITH A PASSWORD as a .pfx, and then on any server you need to install the cert on, just double-click the .pfx and import it, then the cert is available in IIS.

 

Easy-peasy, and no 1980s command-line stuff to deal with.

View solution in original post

1 REPLY 1

I just 'discovered' the process you outlined above, and yes, that is the correct process.

 

One key piece of info to add might be that you want to do Step 1 ON THE SERVER YOU PLAN TO INITIALLY INSTALL THE CERT ON.

Also, with the various files, which have to be able to support any web server, on any platform, the process is by definition going to be confusing.

 

However, as usual, the folks at Microsoft have made it super-simple, if you can find out the right steps.

 

What I mean is that after generating the CSR from IIS and copying it in the GoDaddy web page, then downloading and unzipping the zip file, you can just double-click on the .crt file, export it WITH A PASSWORD as a .pfx, and then on any server you need to install the cert on, just double-click the .pfx and import it, then the cert is available in IIS.

 

Easy-peasy, and no 1980s command-line stuff to deal with.

View solution in original post