Basic knowledge
IIS server SSL certificate installation and deployment
Scenario
This document describes how to install an SSL certificate on an IIS server.
Note:
This document uses the certificate name cloud.tencent.com as an example; the actual name is that of the certificate you applied for.
This document uses Windows Server 2012 R2 as the example operating system. The detailed steps differ slightly between operating system versions.
Before installing the SSL certificate, open port 443 on the IIS server; otherwise HTTPS cannot be enabled after the certificate is installed. For details, please refer to How does the server open port 443?
For how to upload the SSL certificate files to the server, please refer to How to copy the local file to the cloud server.
Steps
Certificate installation
Please select the certificate you need to install in the SSL certificate management console and click Download.
In the pop-up "Certificate Download" window, select IIS as the server type, click Download and unzip the cloud.tencent.com certificate file package to a local directory.
After decompression, you obtain the certificate files for this server type, in the cloud.tencent.com.iis folder:
Folder name: cloud.tencent.com.iis
Folder contents:
cloud.tencent.com.key key file
cloud.tencent.com.pfx certificate file
keystorePass.txt password file (if a private key password has been set, there is no keystorePass.txt password file)
Open IIS Manager, select the computer name, and double-click "Server Certificates".
In the "Actions" pane on the right side of the Server Certificates window, click Import.
In the pop-up "Import Certificate" window, select the path where the certificate file is stored, enter the password, and click OK.
Note:
If a private key password was set when applying for the certificate, enter that private key password. If no private key password was set when applying for the certificate, enter the password contained in the keystorePass.txt file in the cloud.tencent.com.iis folder.
If the private key password is forgotten, please contact a Tencent Cloud engineer to delete the certificate, and then apply for the domain name certificate again.
Select the site name under Sites, and click Bindings in the "Actions" pane on the right.
In the pop-up "Site Bindings" window, click Add.
In the "Add Site Binding" window, set the type to https, the IP address to All Unassigned, and the port to 443. For the host name, enter the domain name of the certificate you applied for, and select the corresponding SSL certificate. Click OK.
After the binding is added, you can view it in the "Site Bindings" window.
You can now access the site at https://cloud.tencent.com.
Automatic HTTP to HTTPS redirection (optional security configuration)
Note:
A standard redirect can be configured with the rule described below. If you have other requirements, you can adjust it yourself.
After HTTP is redirected to HTTPS, if the site contains external links or page elements that still use the HTTP protocol, the page is not served entirely over HTTPS. Some browsers then show warnings for this reason, such as an unsafe link prompt. You can click "Details" on the warning page to view the cause.
Open IIS Manager.
Select the site name under Sites and double-click "URL Rewrite".
Notice:
Download and install the URL Rewrite module before performing this step.
On the "URL Rewrite" page, click Add Rule(s) in the "Actions" pane on the right.
In the pop-up "Add Rule(s)" window, select Blank rule and click OK.
The "Edit Inbound Rule" page opens. Fill it in as follows:
Name: Enter mandatory HTTPS.
Match URL: Manually enter (.*) in the "Pattern" field.
Conditions: Expand the section and click Add; the "Add Condition" window pops up.
Condition input: {HTTPS}
Check if input string: Keep the default selection, Matches the Pattern.
Pattern: Manually enter ^OFF$
Action: Fill in the following parameters.
Action type: Select Redirect.
Redirect URL: https://{HTTP_HOST}/{R:1}
Redirect type: Select See Other (303).
Click Apply in the "Actions" pane to save.
Go back to the site's home page and click Restart under "Manage Website" on the right. You can now access the site using http://cloud.tencent.com.
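The rule created in the steps above is stored by URL Rewrite in the site's web.config file. The following is an added example, not part of the original document, showing the equivalent configuration so that it can be reviewed, versioned, or deployed without the GUI. The stopProcessing value is an assumption, since the steps above do not specify it.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: web.config equivalent of the "mandatory HTTPS" inbound rule.
     Requires the URL Rewrite module to be installed on the IIS server. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- stopProcessing="true" is an assumption: once the request is
             redirected, no later rewrite rules need to run. -->
        <rule name="mandatory HTTPS" stopProcessing="true">
          <!-- Match URL, Pattern: (.*) captures the whole requested path as {R:1} -->
          <match url="(.*)" />
          <conditions>
            <!-- Condition input {HTTPS} is OFF for plain-HTTP requests, so the
                 rule only fires when the request did not arrive over TLS;
                 HTTPS requests are left alone, which prevents a redirect loop. -->
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <!-- Redirect to the same host and path over HTTPS with
               redirect type See Other (303), as selected in the steps above. -->
          <action type="Redirect"
                  url="https://{HTTP_HOST}/{R:1}"
                  redirectType="SeeOther" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```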