sysadmin:windows:windows_iis_install_configure_certbot

Differences

This shows you the differences between two versions of the page.

sysadmin:windows:windows_iis_install_configure_certbot [2021/03/02 14:40]
vidyasb
sysadmin:windows:windows_iis_install_configure_certbot [2021/03/02 15:08] (current)
vidyasb
Line 1: Line 1:
-====== Install & CertBot on Windows with IIS ======+====== Install & Configure CertBot on Windows with IIS ======
  
 [[https://certbot.eff.org/lets-encrypt/windows-other.html|CertBot - Windows Other]] [[https://certbot.eff.org/lets-encrypt/windows-other.html|CertBot - Windows Other]]
  
-  - Install [[https://dl.eff.org/certbot-beta-installer-win32.exe|CertBot (beta)]] +  - Download & Install [[https://dl.eff.org/certbot-beta-installer-win32.exe|CertBot (beta)]] 
-  - Open MS-DOS command prompt in **Administrator** mode, run following commands:<WRAP center round alert 60%>+  - Open MS-DOS command prompt in //Administrator// mode, run the following commands to generate SSL certificate using //DNS// challenge:<WRAP center round info 100%>There are 2 types of Challenges that CertBot supports in-order to validate ownership of Domain for which the SSL certificate is being generated, they are: 
 +  - HTTP 
 +  - DNS 
 +For more details refer to [[https://certbot.eff.org/docs/challenges.html|https://certbot.eff.org/docs/challenges.html]] 
 +</WRAP><WRAP center round alert 60%>
 <block>Replace <<Email Address>></block> <block>Replace <<Email Address>></block>
 <block>Replace <<Domain Name>></block> <block>Replace <<Domain Name>></block>
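Review bot: The two items added inside the new info box, "  - HTTP" and "  - DNS", use the ordered-list marker, the same one that numbers the procedure steps, and the box is opened on the Step 2 line itself. Later steps in this revision refer to steps by number ("Step 2", "Step 7", "Step 14"), so anything that restarts or shifts the numbering here makes those references point at the wrong step. Suggest unordered items ("  * HTTP", "  * DNS") or a single sentence naming both challenge types, and checking the rendered numbering after saving. The step now says the DNS challenge is used but not why it was picked over HTTP; one sentence on that would help a reader decide whether this procedure fits their server.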
Line 10: Line 14:
 certbot certonly --manual --preferred-challenges dns --email "<<Email Address>>" --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d <<Domain Name>> certbot certonly --manual --preferred-challenges dns --email "<<Email Address>>" --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d <<Domain Name>>
 </code> </code>
-  - Type **Y** and press **[ENTER]** key at the following prompt:<code>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -+  - Type //Y// and press //[ENTER]// key at the following prompt:<code>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Would you be willing, once your first certificate is successfully issued, to Would you be willing, once your first certificate is successfully issued, to
 share your email address with the Electronic Frontier Foundation, a founding share your email address with the Electronic Frontier Foundation, a founding
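Review bot: The changed step still tells the reader to type Y at a prompt that asks "Would you be willing ... to share your email address with the Electronic Frontier Foundation", which is an opt-in question rather than a required confirmation. Suggest wording such as "Type Y or N" so the procedure does not present sharing the address as mandatory. The edit itself only swaps bold for italics on the key names; in a long step with an embedded prompt the keystrokes are easier to find in bold, so consider keeping the original emphasis for keys and reserving italics for UI labels.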
Line 26: Line 30:
 your server, please ensure you're okay with that. your server, please ensure you're okay with that.
 </code> </code>
-  - Type **Y** and press **[ENTER]** key at the following prompt:<code>+  - Type //Y// and press //[ENTER]// key at the following prompt:<code>
 Are you OK with your IP being logged? Are you OK with your IP being logged?
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Line 41: Line 45:
 Press Enter to Continue Press Enter to Continue
 </code> </code>
-  - Download and Install OpenSSL for Windows <WRAP center round info 60%>+  - Download Install OpenSSL for Windows <WRAP center round info 60%>
 <block>[[https://slproweb.com/products/Win32OpenSSL.html|https://slproweb.com/products/Win32OpenSSL.html]]</block> <block>[[https://slproweb.com/products/Win32OpenSSL.html|https://slproweb.com/products/Win32OpenSSL.html]]</block>
 <block>[[https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe|https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe]]</block> <block>[[https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe|https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe]]</block>
 </WRAP> </WRAP>
-  - Select option to copy OpenSSL libraries to OpenSSL **/bin** folder +  - Select option to copy OpenSSL libraries to OpenSSL ///bin// folder 
-  - Launch MS-DOS command prompt and run following commands:<WRAP center round info 60%>+  - In the MS-DOS command prompt window in Step 2 or a new MS-DOS command prompt window, run the following commands to create PFX file:<WRAP center round info 60%>
 [[https://community.letsencrypt.org/t/create-pfx-certificate/86949|https://community.letsencrypt.org/t/create-pfx-certificate/86949]] [[https://community.letsencrypt.org/t/create-pfx-certificate/86949|https://community.letsencrypt.org/t/create-pfx-certificate/86949]]
 </WRAP><WRAP center round alert 60%> </WRAP><WRAP center round alert 60%>
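Review bot: The changed line "Download Install OpenSSL for Windows" drops the conjunction the old line had ("Download and Install") and is now inconsistent with "Download & Install" used for Step 1 in this same revision; suggest "Download & Install OpenSSL for Windows". In the following changed line, "///bin//" relies on three slashes to get an italic "/bin"; please confirm it renders as intended. The unchanged box below pins a specific installer file (Win64OpenSSL_Light-1_1_1g.exe), and a direct link to one build goes stale; pointing only at the product page listed above it would keep the step valid.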
Line 53: Line 57:
 openssl pkcs12 -export -out "C:\Certbot\archive\<<Domain Name>>\<<Domain Name>>.pfx" -inkey "C:\Certbot\archive\<<Domain Name>>\privkey1.pem" -in "C:\Certbot\archive\<<Domain Name>>\cert1.pem" -certfile "C:\Certbot\archive\<<Domain Name>>\chain1.pem" -password pass:<<password>> openssl pkcs12 -export -out "C:\Certbot\archive\<<Domain Name>>\<<Domain Name>>.pfx" -inkey "C:\Certbot\archive\<<Domain Name>>\privkey1.pem" -in "C:\Certbot\archive\<<Domain Name>>\cert1.pem" -certfile "C:\Certbot\archive\<<Domain Name>>\chain1.pem" -password pass:<<password>>
 </code> </code>
 +  - Launch //Internet Information Services (IIS) Manager// from //Control Panel// → //Administrative Tools//
 +  - Click on Server tree node underneath //Start Page// in the left-side navigation panel
 +  - Click on //Server Certificates// under //IIS// section in the middle work area
 +  - Click on //Import...// link in right side actions panel
 +  - Using //...// button next to //Certificate file (.pfx)://, select the PFX file generated in Step 7
 +  - Enter the password entered in Step 2 in //Password// field
 +  - Click //OK// to Import the certificate<WRAP center round info 60%>Now you should see the imported certificate in the list of IIS Server Certificates in middle work area</WRAP>
 +  - Expand //> Sites// underneath the Server tree node in left-side navigation panel
 +  - Click on the Site that has HTTPS binding to which the certificate needs to be assigned-to
 +  - Click on //Bindings...// in right-side action panel
 +  - Select the HTTPS Binding and Click on //Edit...// or create a new binding (if not present)
 +  - In the //SSL certificate:// drop-down, select the newly imported SSL certificate in Step 14
  
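Review bot: The added step "Enter the password entered in Step 2 in //Password// field" points at the wrong step. Step 2 is the certbot command, which takes an email address and a domain name and no password. The only password on the page is the one given to openssl pkcs12 through "-password pass:<<password>>" in the PFX step, which the preceding added line calls Step 7. Suggest "Enter the PFX password set in Step 7". Two further points on the same block: the PFX command reads privkey1.pem, cert1.pem and chain1.pem by fixed suffix and writes the .pfx into the Certbot archive folder with the password on the command line, so the new import steps should say which files to use after a renewal and that the .pfx (which contains the private key) should be removed or protected once imported. The hard-coded step numbers in the added lines ("Step 7", "Step 14") will drift whenever a step is inserted; referring to the step by what it does is more robust.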
sysadmin/windows/windows_iis_install_configure_certbot.1614696049.txt.gz · Last modified: 2021/03/02 14:40 by vidyasb