How to Configure Secure Socket Layer (SSL) in IIS


HTTPS is a secure communications channel used to exchange sensitive information such as User Credentials or Credit Card details between a client computer and server.  It uses SSL which encrypts communication over the internet.

To setup a website for HTTPS, you need the following items:

  1. Web Server Certificate
  2. SSL Port


Import or Create Self-Signed Certificate

  1. Get a Web Server Certificate. You can generate your own Certificate in IIS or get one from a service such as Verisign.
  2. Open the Internet Information Services (IIS) Manager.
  3. Select the computer name under Connections.
  4. Double-click on Server Certificates.

  1. If you have a Certificate, click Import…
  2. If need to create a Certificate, click Create Self-Signed Certificate.
  3. Specify a friendly name for the certificate.
  4. Ensure that Web Hosting is selected for the certificate store.
  5. Click OK.
  6. The Certificate file will show in the Server Certificates table.

Configure the SSL Port for a Website

  1. Under Connections, select the website.
  2. Click Bindings.

  1. Click Add…
  2. In the Type field, select https.
  3. Default port is 443. You cannot click OK until you select the SSL certificate.
  4. In the SSL certificate drop-down, select the certificate.
  5. Click OK.

Note: Your website is now configured for SSL.  It can be access by clicking Browse *:443 (https) under Browse Website.

Edit the Web.config File

  1. If you only use a non-secure connection (http://), add the comment command code <!– and –> at the beginning and end of the https services code.
  2. If you are using only secure (https://), add the comment command code <!– and –> at the beginning and end of the http services code.
  3. When using both non-secure and secure, the comment command code is not needed.

Note: The bindings in IIS and the Web.config file must match.