We set up an on-premise ticketing system, and we needed to set up SSL on it. We have the ticketing software on an Amazon EC2 instance, and our DNS nameservers have been set to Amazon in the GoDaddy DNS settings. We have two copies of the ticketing system on one of the IIS 10 web server EC2 instances. One is for our customers, and one is for internal IT tickets. They are accessed by domain and subdomain.
We purchased a Multiple Domain UCC SSL Certificate. This allows us to use it for the primary domain and subdomains. You can read further on What is a UCC SSL here. We paid $169.99.
GoDaddy Setup
After the purchase I used the following GoDaddy-provided instructions, found here: Request an SSL Certificate. This took less than 8 hours for us.
A breakdown of those instructions (because, you know, companies like to break links):
- Log in to your GoDaddy account.
- Click SSL Certificates.
- Next to the SSL certificate credit you want to use, click Set up. (If you do not have one, go buy one.)
- If you have multiple credits, select the credit you want to use, and then click Set up.
- Refresh the page; you should see a New Certificate. If you don't, continue to refresh the page until you do.
Request your certificate
Next to your New Certificate, click Manage.
Select one of the following based on where you're hosting your certificate:
Where's it hosted? | What to do |
GoDaddy site builder or hosting on the primary domain name | Select the domain hosted in your account you want to use. |
Anywhere else - including secondary domains and subdomains on your GoDaddy hosting | Select Provide a CSR, and then enter the CSR from your server. NOTE: If you're requesting a UCC certificate, your CSR should include the SANs you want to use. |
UCC certs only — Enter any Subject Alternate Names you want to use, and then click Add.
Depending on your issuance type, do one of the following:
Issuance Type | Select... |
Standard | Click Request Certificate. |
Deluxe, Extended Validation (EV) | Click Next, and then complete the information on the following page. We'll use this information to verify you control the common name for which you requested the certificate so it must match whatever documentation you provide us. Click Finished. |
Once that is complete, set up the intermediate certificate based on the GoDaddy instructions here: Install an Intermediate Certificate in Microsoft IIS 10.
A breakdown of those instructions.
On the web server:
- Start -> search -> MMC -> Console1 -> File -> Add/Remove Snap-in -> Select “Certificates” from the available snap ins -> click add -> Select “computer account” -> next -> choose local computer -> Finish -> click ok in Add or remove Snap-in window.
- In the Console1 Window -> expand window -> Right Click “Intermediate Certification Authorities” -> All Tasks -> Import
- Certificate Import Wizard -> click next -> Click browse -> edit file type drop down to PKCS #7, then select the “*_iis_intermediates.p7b” file -> Click open -> click next -> Choose circle for “Place all certificates in the following store” -> click next
NOTE: You may need to rename the “filename.crt” to “filename.cer”. Don’t worry, it’s interchangeable.
NOTE: You may also need to add the hostname to the “add site bindings” window if you are certifying subdomains.
Using DigiCert instructions to Create a Certificate Request in IIS 10 (CSR): Create CSR and Install SSL (installation is halfway down the page)
When you finish those steps, you might want to require anyone accessing the page to be routed to the HTTPS URL.
Force Redirecting HTTP to HTTPS
- Download URL Rewrite Tool:
https://www.iis.net/downloads/microsoft/url-rewrite
- Navigate to the root folder of your website, typically somewhere in “C:\inetpub\wwwroot”
- Find and edit the web.config file, then RESTART IIS Manager
Add the following right before </system.webServer> (element names in web.config are case-sensitive):
    <rewrite>
      <rules>
        <rule name="HTTPS force" enabled="true" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
- Once you add it, you will need to go back to URL Rewrite and enable the rule on the right hand side of the URL Rewrite screen.
Go to IIS manager -> sites -> Website -> URL Rewrite -> activate rule “HTTPS force”
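NOTE: 403 Forbidden error
In some cases you will need to go into IIS Manager and turn off Require SSL. With it checked, IIS rejects plain HTTP requests with 403 Forbidden before the rewrite rule gets a chance to redirect them.
- Click site menu -> SSL -> Uncheck Require SSL -> apply changes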
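To check what the "HTTPS force" rule above will do before relying on it, the following added Python example (not from the original post, and not IIS code) evaluates the rule against sample requests. The host names and the `evaluate` helper are assumptions made for illustration, and it models only the parts of URL Rewrite this rule uses (query strings are not modeled).

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the rule from this page inside a minimal web.config.
WEB_CONFIG = """<configuration><system.webServer><rewrite><rules>
  <rule name="HTTPS force" enabled="true" stopProcessing="true">
    <match url="(.*)" />
    <conditions><add input="{HTTPS}" pattern="^OFF$" /></conditions>
    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
  </rule>
</rules></rewrite></system.webServer></configuration>"""

# URL Rewrite redirectType values and the status codes they produce.
STATUS = {"Permanent": 301, "Found": 302, "SeeOther": 303, "Temporary": 307}


def evaluate(config_xml, https, host, path):
    """Return (status, location) for the first Redirect rule that fires, else None.

    Hypothetical helper: handles match url, the {HTTPS} and {HTTP_HOST}
    server variables, and {R:n} back-references.
    """
    # IIS reports {HTTPS} as lowercase "on" / "off".
    server_vars = {"{HTTPS}": "on" if https else "off", "{HTTP_HOST}": host}
    for rule in ET.fromstring(config_xml).iter("rule"):
        if rule.get("enabled", "true").lower() != "true":
            continue  # a disabled rule never fires, so HTTP keeps being served
        # The match pattern is tested against the path without its leading slash.
        m = re.search(rule.find("match").get("url"), path.lstrip("/"), re.I)
        if not m:
            continue
        # Patterns ignore case by default, which is why ^OFF$ matches "off".
        ok = all(re.search(c.get("pattern"), server_vars.get(c.get("input"), ""), re.I)
                 for c in rule.findall("conditions/add"))
        action = rule.find("action")
        if not ok or action.get("type") != "Redirect":
            continue
        url = action.get("url").replace("{HTTP_HOST}", host)
        url = re.sub(r"\{R:(\d+)\}", lambda g: m.group(int(g.group(1))), url)
        return STATUS[action.get("redirectType", "Permanent")], url
    return None


if __name__ == "__main__":
    # Constructed requests: the customer domain over HTTP, the IT subdomain over HTTPS.
    for https, host, path in [(False, "example.com", "/tickets/1"),
                              (True, "it.example.com", "/")]:
        print(https, host, path, "->", evaluate(WEB_CONFIG, https, host, path))
```

Because the redirect target is built from {HTTP_HOST}, each site (domain and subdomain) is sent to its own HTTPS host name, so the certificate must list both names as SANs.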