Benjamin Tinker Team : Web Development Tags : Web Development

Check your SSL provider

If you have a website that sells a product or processes credit cards, or you just want some secure sections that benefit from being behind HTTPS, then you need an SSL certificate. There are many providers of SSL certificates, such as GeoTrust and VeriSign; generally, you would purchase the certificate from a reseller such as eWay. All provide SSL certificates that, once installed, will encrypt your site content with 128-bit encryption. This puts in place the necessary security to ensure that all sensitive information travelling from your users' machines to your server is secure.

When working with Windows servers and IIS7, it is important to remember that not all SSL providers are able to issue SSL certificates in the pfx format. The beauty of pfx files is that once they have been issued by your SSL provider you can import them immediately into IIS7 via the Server Certificates Import option. Simply upload the file to the server, open IIS7, open the Server Certificates panel and click the Import button. The rest is self-explanatory.

However, if your SSL provider is not able to issue the pfx format, you need to be aware that most SSL providers will issue you a .crt file that is not entirely complete. Most of the time, when you open the Server Certificates panel in IIS7 and use Complete Certificate Request, there will be a snag.

The snag is that IIS7 will complete the request and add the certificate to IIS7, but as soon as you refresh the screen or attempt to add it to your website it will vanish. No explanation, not even a hint. This has been infinitely frustrating, as your provider will always insist that the crt file is valid and ready to install on IIS7. Some will go as far as to say that this is a known issue with IIS7 and that the certificate has actually been installed. They are wrong.

Simply put, the certificate request must first come from the live server, and the SSL provider then issues the crt file in response to that request. A .crt file contains only the public certificate; the private key is created with the request and stays on the server that generated it. When completing a certificate request, IIS7 checks the provided certificate to ensure that the request came from the server that is completing it. To create the request, open IIS7 Server Certificates and follow the Request Certificate process.

Each SSL provider will have their own preference for the encryption method used, so check with them for the details of finishing the request. In the end you will save a text file containing the request code. This is sent to the SSL provider, who will send back a crt file that is validated against your request. After that you run Complete Certificate Request and bang, the SSL certificate is installed. You can then add it to your website and will be able to browse your site safely under SSL.
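A pre-check for the vanishing certificate described above, as an added example that is not part of the original post: it compares the public key in the provider's .crt file with the pending requests held on the server before you run Complete Certificate Request. It assumes the pending requests sit in the local machine's Certificate Enrollment Requests store (`Cert:\LocalMachine\REQUEST`); the function name and the sample path are hypothetical.

```powershell
# Added example, not from the original post. Run elevated on the IIS server.
# Test-CertificateRequestMatch and the sample path are hypothetical names.
function Test-CertificateRequestMatch {
    param([Parameter(Mandatory = $true)] [string] $CrtPath)

    # Resolve first: .NET does not share PowerShell's current directory.
    $file   = (Resolve-Path -LiteralPath $CrtPath -ErrorAction Stop).Path
    $issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    $keyId  = [Convert]::ToBase64String($issued.GetPublicKey())

    # Already in the Personal store? IIS can only use it if a private key is attached.
    $installed = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $issued.Thumbprint } |
        Select-Object -First 1
    if ($installed -and $installed.HasPrivateKey) {
        return 'Installed: certificate is in the Personal store with its private key.'
    }

    # Pending requests (and their private keys) sit in Certificate Enrollment Requests.
    # A request and the certificate issued from it carry the same public key.
    $pending = Get-ChildItem Cert:\LocalMachine\REQUEST |
        Where-Object { [Convert]::ToBase64String($_.GetPublicKey()) -eq $keyId } |
        Select-Object -First 1
    if ($pending) {
        return 'Ready: a pending request on this server matches; Complete Certificate Request should succeed.'
    }

    if ($installed) {
        return 'Orphaned: certificate is in the Personal store without a private key.'
    }
    return 'No match: this .crt does not answer a request made on this server; create a new request here and have it reissued.'
}

# Placeholder path: point this at the .crt file your provider sent.
Test-CertificateRequestMatch -CrtPath 'C:\certs\www_example_com.crt'
```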

There are other ways of installing SSL certificates, so the above is not the only way. It's just that many SSL providers I have dealt with previously will only issue crt files and don't have pfx formats or self-signed formats, so IIS7 will always choke. The only way around this was to send through another request from the live server and get back the correct response in that manner. It is good to know this, as many clients may have already purchased their SSL certificate before site launch and there can be quite a bit of back and forth in discovering why it does not install on their live server. The answer in the end is: once you know the live hosting environment, get the certificate request from the live server and send it to the client's SSL provider to process.

Easy, once you know how.

Happy coding.