In the age of Let's Encrypt, encrypted websites are now standard. However, wildcard certificates or certificates with extended, particularly trustworthy owner validation are often still required. The provider DomainFactory offers inexpensive SSL certificates that can also be used externally. Installing one on a current IIS works without creating your own CSR, with the help of OpenSSL. Below I briefly show the steps required.
First, enter the desired address as the domain name (including "www", so that later both https://tld.com and https://www.tld.com are encrypted):
After you select the desired certificate and its validity period, DomainFactory can generate the CSR itself:
The second option (uploading your own CSR) is unnecessary and cumbersome (by default, IIS offers no way to generate the SHA-256-signed requests that DomainFactory requires). Because DomainFactory generates the CSR, it also generates the private key, which is why the key is part of the download. After the order has completed successfully, download the SSL certificate, the private key and the intermediate CA bundle:
Now use OpenSSL to combine the key and the certificate into a PFX file, protecting it with a secure password:
openssl pkcs12 -export -out www.tld.com.pfx -inkey www.tld.com.key -in www.tld.com.crt
Next, the intermediate certificate is uploaded to the Windows server:
Then import the PFX file you created, using IIS Manager (in the Server Certificates area) and entering the previously assigned password:
Finally, adjust the bindings (one entry with and one without www):
If the server is to be reachable from the outside, open port 443 on the router / firewall.
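A check worth running before the openssl pkcs12 step above: confirm that the downloaded private key really belongs to the certificate, and read the finished PFX back before carrying it to the server. This is an added example, not part of the original post; the function names and the PFX_PASS environment variable are assumptions, and the key pairs it uses are throwaway self-signed ones constructed for the demonstration.

```shell
#!/bin/sh
# Added example: pre-flight check before building the PFX for IIS.
# Assumes unencrypted PEM files; the PFX password is read from $PFX_PASS.

# Succeeds only if the certificate carries the public key of this private key.
key_matches_cert() {  # usage: key_matches_cert KEY CRT
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Builds the PFX only for a matching pair, then reads it back to confirm
# that the file opens with the password (integrity check passes).
build_pfx() {  # usage: build_pfx KEY CRT OUT
    if ! key_matches_cert "$1" "$2"; then
        echo "refusing: $1 is not the key for $2" >&2
        return 1
    fi
    openssl pkcs12 -export -out "$3" -inkey "$1" -in "$2" \
        -passout env:PFX_PASS || return 1
    openssl pkcs12 -in "$3" -noout -passin env:PFX_PASS 2>/dev/null
}

# Constructed sample input: a throwaway self-signed pair standing in for
# the key and certificate downloaded from the provider.
make_sample() {  # usage: make_sample KEY CRT
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.tld.com" -keyout "$1" -out "$2" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    PFX_PASS='constructed-demo-password'; export PFX_PASS
    make_sample "$dir/www.tld.com.key" "$dir/www.tld.com.crt" &&
    make_sample "$dir/other.key" "$dir/other.crt" &&
    build_pfx "$dir/www.tld.com.key" "$dir/www.tld.com.crt" "$dir/www.tld.com.pfx" &&
    ! build_pfx "$dir/other.key" "$dir/www.tld.com.crt" "$dir/bad.pfx" 2>/dev/null &&
    [ ! -e "$dir/bad.pfx" ]
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "matching pair exported, mismatched pair rejected"
```

Passing the password through an environment variable keeps it out of the process list and the shell history; with the real files, set PFX_PASS and call build_pfx www.tld.com.key www.tld.com.crt www.tld.com.pfx.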