Installing an SSL Troubleshooting

TABLE OF CONTENTS

Introduction

An SSL certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser.


Companies and organizations need to add SSL certificates to their websites to secure online transactions and keep customer information private and secure.


In short: SSL keeps internet connections secure and prevents criminals from reading or modifying information transferred between two systems. When you see a padlock icon next to the URL in the address bar, that means SSL protects the website you are visiting.


Since its inception about 25 years ago, there have been several versions of SSL protocol, all of which at some point ran into security troubles. A revamped and renamed version followed — TLS (Transport Layer Security), which is still in use today. However, the initials SSL stuck, so the new version of the protocol is still usually called by the old name.

How does an SSL certificate work?

SSL works by ensuring that any data transferred between users and websites, or between two systems, remains impossible to read. It uses encryption algorithms to scramble data in transit, which prevents hackers from reading it as it is sent over the connection. This data includes potentially sensitive information such as names, addresses, credit card numbers, or other financial details.

The process works like this:

A browser or server attempts to connect to a website (i.e., a web server) secured with SSL.

The browser or server requests that the web server identifies itself.

The web server sends the browser or server a copy of its SSL certificate in the response.

The browser or server checks to see whether it trusts the SSL certificate. If it does, it signals this to the web server.


The web server then returns a digitally signed acknowledgment to start an SSL-encrypted session.

Encrypted data is shared between the browser or server and the web server.

This process is sometimes referred to as an "SSL handshake." While it sounds like a lengthy process, it takes place in milliseconds.


When a website is secured by an SSL certificate, the acronym HTTPS (which stands for HyperText Transfer Protocol Secure) appears in the URL. Without an SSL certificate, only the letters HTTP – i.e., without the S for Secure – will appear. A padlock icon will also display in the URL address bar. This signals trust and provides reassurance to those visiting the website.


To view an SSL certificate's details, you can click on the padlock symbol located within the browser bar. Details typically included within SSL certificates include:


The domain name that the certificate was issued for

  • Which person, organization, or device it was issued to
  • Which Certificate Authority issues it
  • The Certificate Authority's digital signature
  • Associated subdomains
  • Issue date of the certificate
  • The expiry date of the certificate
  • The public key (the private key is not revealed)

Why the SSL certificate is required

Websites need SSL certificates to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and convey trust to users.


If a website is asking users to sign in, enter personal details such as their credit card numbers, or view confidential information such as health benefits or financial information, then it is essential to keep the data confidential. SSL certificates help keep online interactions private and assure users that the website is authentic and safe to share private information with.


More relevant to businesses is the fact that an SSL certificate is required for an HTTPS web address. HTTPS is the secure form of HTTP, which means that HTTPS websites have their traffic encrypted by SSL. Most browsers tag HTTP sites – those without SSL certificates – as "not secure." This sends a clear signal to users that the site may not be trustworthy – incentivizing businesses who have not done so to migrate to HTTPS.


An SSL certificate helps to secure information such as:

  • Login credentials
  • Credit card transactions or bank account information
  • Personally identifiable information — such as full name, address, date of birth, or telephone number
  • Legal documents and contracts
  • Medical records
  • Proprietary information

Types of SSL certificates

There are different types of SSL certificates with different validation levels. The six main types are:

  • Extended Validation certificates (EV SSL)
  • Organization Validated certificates (OV SSL)
  • Domain Validated certificates (DV SSL)
  • Wildcard SSL certificates
  • Multi-Domain SSL certificates (MDC)
  • Unified Communications Certificates (UCC)
  • Extended Validation certificates (EV SSL)

This is the highest-ranking and most expensive type of SSL certificate. It tends to be used for high profile websites that collect data and involve online payments. When installed, this SSL certificate displays the padlock, HTTPS, name of the business, and country on the browser address bar. Displaying the website owner's information in the address bar helps distinguish the site from malicious sites. To set up an EV SSL certificate, the website owner must go through a standardized identity verification process to confirm they are authorized legally to the exclusive rights to the domain.

  • Organization Validated certificates (OV SSL)

This version of the SSL certificate has a similar assurance similar level to the EV SSL certificate since to obtain one; the website owner needs to complete a substantial validation process. This type of certificate also displays the website owner's information in the address bar to distinguish it from malicious sites. OV SSL certificates tend to be the second most expensive (after EV SSLs), and their primary purpose is to encrypt the user's sensitive information during transactions. Commercial or public-facing websites must install an OV SSL certificate to ensure that any customer information shared remains confidential.

  • Domain Validated certificates (DV SSL)

The validation process to obtain this SSL certificate type is minimal, and as a result, Domain Validation SSL certificates provide lower assurance and minimal encryption. They tend to be used for blogs or informational websites – i.e., which do not involve data collection or online payments. This SSL certificate type is one of the least expensive and quickest to obtain. The validation process only requires website owners to prove domain ownership by responding to an email or phone call. The browser address bar only displays HTTPS and a padlock with no business name displayed.

  • Wildcard SSL certificates

Wildcard SSL certificates allow you to secure a base domain and unlimited sub-domains on a single certificate. If you have multiple sub-domains to secure, then a Wildcard SSL certificate purchase is much less expensive than buying individual SSL certificates for each of them. Wildcard SSL certificates have an asterisk * as part of the common name, where the asterisk represents any valid sub-domains that have the same base domain.
For example, a single Wildcard certificate for *website can be used to secure:

payments.yourdomain.com

login.yourdomain.com

mail.yourdomain.com

download.yourdomain.com

anything.yourdomain.com

  • Multi-Domain SSL Certificate (MDC)

A Multi-Domain certificate can be used to secure many domains and/or sub-domain names. This includes the combination of completely unique domains and sub-domains with different TLDs (Top-Level Domains) except for local/internal ones.

For example:

www.example.com

example.org

mail.this-domain.net

example.anything.com.au

checkout.example.com

Secure.example.org

Multi-Domain certificates do not support sub-domains by default. If you need to secure both www.example.com and example.com with one Multi-Domain certificate, then both hostnames should be specified when obtaining the certificate.

  • Unified Communications Certificate (UCC)

Unified Communications Certificates (UCC) are also considered Multi-Domain SSL certificates. UCCs were initially designed to secure Microsoft Exchange and Live Communications servers. Today, any website owner can use these certificates to allow multiple domain names to be secured on a single certificate. UCC Certificates are organizationally validated and display a padlock on a browser. UCCs can be used as EV SSL certificates to give website visitors the highest assurance through the green address bar.


It is essential to be familiar with the different types of SSL certificates to obtain the right type of certificate for your website.

How to obtain SSL for Windows Server  

Steps to Create the CSR in IIS

  1. In the Windows start menu, type Internet Information Services (IIS) Manager and click to open it.
  2. Then, in the Internet Information Services (IIS) Manager, in the Connections menu tree, locate and click on the server name.
     
  3. On the server name Home page, in the IIS section, double-click Server Certificates.
  4. Then, on the Server Certificates page, in the Actions menu, click on the Create Certificate Request… link.
     
  5. Next, on the Request Certificate wizard, there on the Distinguished Name Properties page, fill up the information specified below and then click Next to proceed:
     
  6. The above-filled details are shown in the below screenshot. Click Next and proceed.
     
  7. Next, on the Cryptographic Service Provider Properties window, enter the required details mentioned below and then click Next to proceed.
     
  8. Entered the above information as shown in the below screenshot.
     
  9. On the File Name window, under Specify a file name for the certificate request tab, click the dotted (…) box to browse to a location where you want to save your CSR.
  10. Once the set up is done, click on Finish.

 Install SSL Certificate

  1. Save the SSL certificate .cer file on the server where you created the CSR.
  2. Next, in the Windows start menu, enter Internet Information Services (IIS) Manager, and click to open it.
  3. In Internet Information Services (IIS) Manager, you can see the Connections menu tree, and locate and click the server name.
     
  4. Then, on the server name Home window, in the IIS section, double-click Server Certificates.
  5. Next, on the Server Certificates window, in the Actions menu, hit click on the Complete Certificate Request. link.
     
  6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, add the following details and then click OK:
     
  7. As per the below screenshot add all the above mention details.
  8. Now that you’ve successfully installed your SSL certificate, you need to assign the certificate to the appropriate site.

Steps for assigning the certificate to the appropriate site

  1. To Assign SSL Certificate, open Internet Information Services (IIS) Manager, in the Connections menu tree (on the left pane), then expand the name of the server on which the certificate was installed. Next, expand Sites and click on the site you want to use the SSL certificate to secure.
     
  2. On the website Home window, in the Actions menu, under the Edit Site tab, click the Bindings link.
  3. Next, in the Site Bindings window, click on Add.
     
  4. Now, in the Add Site Bindings window, add the below details and then click OK to proceed.
     
  5. As per the above details, fill up the below fields and proceed further.
     
  6. Your SSL certificate is now installed, and the website is configured to accept secure connections.
  7. Your SSL certificate is now successfully installed and binded.

Frequently Asked Questions (FAQ’s)

  1. Are the HTTPS URL bindings added in the IIS?
    To make sure HTTPS bindings are added in the IIS, need to follow the above steps that are mentioned in point 3, 4, 5, 6. Note -  Add the respective point URL redirection in the KB article.
  2. Are the Web config URLs configured with HTTPS?
    To validate the web.config settings, verify the  keys in the app settings section within Znode.Engine.Admin, Znode.Engine.API, Znode.Engine.Webstore web.config file. Below are the screenshots for references.
  3. Znode.Engine.Admin —->Web.Config
     
  4. Znode.Engine.API —->Web.Config
  5. Znode.Engine.Webstore —->Web.Config

Is the URL redirect rule there in the webstore web config to redirect HTTP requests to HTTPS requests?
The URL redirect rule is there in the webstore web config to redirect HTTP requests to HTTPS requests. Below is the screenshot for the URL redirection.

Note - For Https URL redirect we need to add the respective URLs in IIS Bindings.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.