
The easiest and most reliable way to configure SSL/HTTPS in IIS

When we are faced with the task of configuring SSL/HTTPS in IIS (Internet Information Services), we quickly realize that it is not the most user-friendly process.


For the purposes of this article, we’ll assume we already have a certificate installed.

According to IIS documentation, we need about twelve clicks and some luck on our side (as something usually fails) to configure SSL/HTTPS in IIS correctly.

If we want to obtain a valid certificate or manage its life cycle (renew it before it expires) automatically, we can use an excellent tool: Certify the Web. It automatically requests a certificate from Let’s Encrypt, then downloads, installs, and registers it with our website/service in IIS, and renews it when necessary, without any manual intervention.

Setting up SSL/HTTPS with this tool is super simple. Once we have downloaded and installed the tool we encounter this screen:

To configure a new website or service, we simply click on the “New Certificate” button:

Then, we must choose a name for the certificate, select the website, and specify the domain or domains we want to apply it to. Finally, we click on “Request Certificate” and we will get this screen:

And that’s it! A task that used to be complicated and gave us quite a headache is now as simple as a couple of clicks, and we don’t even have to worry about updating the certificates.

This tool allows us to perform this task in a fraction of the time it would take us by hand, while also avoiding human errors during configuration.

Now the question is… Are both the tool and the certificates ready? The short answer is YES. The long answer, according to the Let’s Encrypt documentation, is YES, BUT we need to be aware of this:

  1. Let’s Encrypt doesn’t issue “EV” certificates – i.e., certificates that give you a big green bar in web browsers (you can see these on, e.g., Bank of America)
  2. Let’s Encrypt certificates are strictly for server and client authentication – i.e. not email signing or data encryption. It’s suitable for web, email, ssh, and servers. We have written up a list of all the restrictions.
  3. Let’s Encrypt can only be used for internet-facing servers as it verifies the domain names you want to have in your certificates by connecting to them from outside (or via your DNS records).
  4. Let’s Encrypt certificates are valid for 3 months only so it’s definitely worth automating renewals.
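
With certificates this short-lived, a renewal that fails silently turns into an outage, so it is worth checking what IIS is actually bound to. The PowerShell below is an added example, not part of the original article or of Certify the Web; it assumes the WebAdministration module is available on the IIS server, and the function name and 30-day warning threshold are chosen for illustration.

```powershell
# Added example: report the certificate behind every IIS HTTPS binding.
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

function Get-IisCertificateStatus {
    param([int]$WarnDays = 30)   # assumed threshold; adjust to your renewal policy

    foreach ($site in Get-Website) {
        foreach ($binding in Get-WebBinding -Name $site.Name -Protocol https) {
            $thumb = $binding.certificateHash
            $store = $binding.certificateStoreName
            $cert  = $null
            if ($thumb -and $store) {
                # IIS records only the thumbprint; resolve it in the machine store
                $cert = Get-Item "Cert:\LocalMachine\$store\$thumb" -ErrorAction SilentlyContinue
            }

            $daysLeft = $null
            if (-not $cert) {
                # Binding without a resolvable certificate (missing or deleted)
                $status = 'NO CERTIFICATE FOUND'
            } else {
                $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
                if ($daysLeft -lt 0) {
                    $status = 'EXPIRED'
                } elseif ($daysLeft -lt $WarnDays) {
                    $status = 'RENEWAL OVERDUE'
                } else {
                    $status = 'OK'
                }
            }

            [pscustomobject]@{
                Site     = $site.Name
                Binding  = $binding.bindingInformation
                Issuer   = if ($cert) { $cert.Issuer } else { $null }
                NotAfter = if ($cert) { $cert.NotAfter } else { $null }
                DaysLeft = $daysLeft
                Status   = $status
            }
        }
    }
}

Get-IisCertificateStatus | Format-Table -AutoSize
```

Any row whose status is not OK points to a binding whose automatic renewal needs attention.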
