Integrate SSL Certificate from DomainFactory to IIS

In the age of Let's Encrypt , encrypted websites are now standard. However, wildcard or extended certificates with particularly trustworthy owner validation are also often required. The provider DomainFactory offers inexpensive SSL certificates that can also be used externally. The setup on a current IIS succeeds without CSR with the help of OpenSSL . In the following I will briefly show which steps are required for this.


First you choose the desired address as domain name (by entering "www", so that later both https://tld.com and https://www.tld.com are encrypted):

SSL certificate IIS

After selecting the desired certificate and the runtime, DomainFactory can generate its own CSR:

SSL certificate IIS

The second option (upload your own CSR) is not necessary and cumbersome (the IIS does not offer by default the possibility to generate SHA256 encrypted requests required by DomainFactory) After the successful order you download the SSL certificate, the private key and the Intermediate CA Bundle:

SSL certificate IIS

Now, using OpenSSL and a secure password, combine the key and the certificate in a pfx file:

openssl pkcs12 -export -out www.tld.com.pfx -inkey www.tld.com.key -in www.tld.com.crt

Finally, the intermediate certificate is uploaded to the Windows server:

SSL certificate IIS

This is followed by the import of the pfx file created in the IIS Manager (in the Server Certificates area) by entering the previously assigned password:

SSL certificate IIS

Finally you have to adjust the bindings (one entry with and one without www):

SSL certificate IIS

If the server should be accessible from the outside, open port 443 in the router / firewall.

Back