Cartegraph Campus

Install SSL Certificates

Cartegraph recommends placing SSL certificates on both the Web and Application servers. Use a wildcard SSL certificate because it secures your website URL and an unlimited number of its subdomains. For more information, see http://support.godaddy.com/help/article/567/what-is-a-wildcard-ssl-certificate.

Before you purchase a certificate, generate a Certificate Signing Request (CSR) from the server. Repeat this on every server that needs its own certificate. See Go Daddy’s instructions for generating the CSR from IIS 8:

https://www.godaddy.com/help/generating-a-certificate-signing-request-microsoft-iis-8-4950

Certificates must be signed using a SHA256 or better signature hash algorithm, with either a 2048-bit or greater RSA key or a 256-bit or greater Elliptic-Curve (ECC) key.
 
These are the accepted ciphers:

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Cartegraph recommends purchasing certificates from Go Daddy, Digicert, Trustwave, Geotrust, or a similar vendor.

  1. Open Internet Information Services (IIS) Manager.
  2. Click the Server Name.
  3. From the center menu and the IIS section, click Server Certificates.
  4. From the Actions menu on the right, click Complete Certificate Request.
  5. For the File name containing the certificate authority's response, browse to your certificate (.crt, .cer) file on your computer.
  6. In the Friendly name field, enter a unique name to identify the SSL certificate. For wildcard SSL certificates, make sure the friendly name matches the common name, such as *.<sitename> (for example, *.contoso.com).
  7. From the Select a certificate store for the new certificate field, select Personal.
  8. In the Connections panel on the left, select the name of the server where you installed the certificate.
  9. Expand Sites and select the site you want to secure with the SSL certificate.
  10. In the Actions panel on the right, click Bindings, and click Add.
  11. Set the Bindings properties:
    • Set Type to https.
    • Set IP address to All Unassigned, or select the IP address of the site.
    • Set Port to 443.
    • Set Host name to the wildcard name, such as *.<sitename> (for example, *.contoso.com).
    • Set SSL certificate to the one you just installed.
  12. Restart IIS.
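
To confirm that an installed certificate meets the signature hash and key size requirements stated earlier on this page, the following PowerShell function can be run on the server. It is an added example, not Cartegraph's code; the function name is hypothetical, and it assumes .NET Framework 4.6.1 or later and that "SHA256 or better" means SHA-256, SHA-384 or SHA-512.

```powershell
# Added example (hypothetical function name), not part of the original instructions.
# Assumption: "SHA256 or better" means SHA-256, SHA-384 or SHA-512.
function Test-CertificateRequirements {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    begin {
        # Signature algorithm OIDs that use SHA-256 or stronger with RSA or ECDSA.
        # Anything else (SHA-1, MD5, RSASSA-PSS) is reported as not accepted
        # and should be reviewed by hand.
        $acceptedOids = @(
            '1.2.840.113549.1.1.11',  # sha256RSA
            '1.2.840.113549.1.1.12',  # sha384RSA
            '1.2.840.113549.1.1.13',  # sha512RSA
            '1.2.840.10045.4.3.2',    # sha256ECDSA
            '1.2.840.10045.4.3.3',    # sha384ECDSA
            '1.2.840.10045.4.3.4'     # sha512ECDSA
        )
    }
    process {
        # Each helper returns $null when the public key is of a different type.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
        if ($rsa) {
            $keyType = 'RSA'; $keyBits = $rsa.KeySize; $keyOk = $keyBits -ge 2048
        } else {
            $ecdsa = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPublicKey($Certificate)
            if ($ecdsa) {
                $keyType = 'ECC'; $keyBits = $ecdsa.KeySize; $keyOk = $keyBits -ge 256
            } else {
                $keyType = 'Other'; $keyBits = 0; $keyOk = $false
            }
        }
        $sigOk = $acceptedOids -contains $Certificate.SignatureAlgorithm.Value
        [pscustomobject]@{
            Subject           = $Certificate.Subject
            Signature         = $Certificate.SignatureAlgorithm.FriendlyName
            SignatureOk       = $sigOk
            KeyType           = $keyType
            KeyBits           = $keyBits
            KeyOk             = $keyOk
            MeetsRequirements = ($sigOk -and $keyOk)
        }
    }
}

# Check every certificate in the local computer's Personal store (step 7 above).
Get-ChildItem Cert:\LocalMachine\My | Test-CertificateRequirements | Format-Table -AutoSize
```

The function also accepts a certificate loaded from the certificate authority's response file, so the same check can be made before step 5 by constructing an X509Certificate2 object from the .crt or .cer file and piping it in.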