Most of the CA authorities offers paid certificates.
But Let's Enrcrypt is a free CA .
To be able to use free certificates from Let's Encrypt you need to demonstrate that you are in control of the domain for which you want a certificate.
This is done using software which use ACME protocol.
How you can do this on windows machines running IIS :
A Powershell library that provides access to many (but not yet all) commands of the ACME API.
This is a ACME windows CLI client built in native .net and aims to be as simple as possible to use.
Certify is a visual GUI based tool built on top of ACMESharp library.
It is still in alpha version , but is a promising tool.
It is still in alpha version , but is a promising tool.
The easiest to use , from my point of view , is letsencrypt-win-simple .
Why ?
Before running it make sure that you do the next in IIS :
1. Go to IIS manager and on the server select Handler Mappings , then View ordered list from the right menu . Scroll down to find StaticFile handler and make sure it is above the Extensionless handlers, like in the bellow picture.
1. Go to IIS manager and on the server select Handler Mappings , then View ordered list from the right menu . Scroll down to find StaticFile handler and make sure it is above the Extensionless handlers, like in the bellow picture.
2. In case you have a custom HTTP module running in IIS which is removing the Server header from the response , disable it while you are setting up the certificate and also when you are renewing it .
3. On the bindings of the web site for which the certificate is requested , make sure that the host name is filled in the binding settings section
After running the tool you will get the certificate in IIS .
Update : 21/03/20017
After you get the certificate you might wan to :
1. Revert StaticFile handler to it's original position .
Why ? If you have an application under your website in iis, which for example is an web api , it will no longer work until you revert the Staticfile handler to it's original position.
After running the tool you will get the certificate in IIS .
Update : 21/03/20017
After you get the certificate you might wan to :
1. Revert StaticFile handler to it's original position .
Why ? If you have an application under your website in iis, which for example is an web api , it will no longer work until you revert the Staticfile handler to it's original position.
No comments:
Post a Comment