How to Install SSL Certificates on Microsoft Servers

by Dan Sullivan


Windows administrators are continually tasked with securing servers and applications, including installing SSL certificates for authentication and encryption. This raises a number of questions for system administrators: which kind of SSL certificate should be used? How are SSL certificates installed? What is the Certificate Store? How does SSL work in Internet Information Server (IIS), Exchange Server,  SQL Server and SharePoint?  This how-to guide provides detailed step by step instructions on how to select, install and maintain SSL certificates in Microsoft environments. Whether you are just starting out and need to know how to acquire a certificate, or you are looking for tips on troubleshooting and maintaining existing certificate configurations, this guide has pragmatic and detailed information to help you.


Chapter 1: Getting Started with SSL Certificates in Windows Server

We are constantly making use of SSL certificates, although we may not appreciate the frequency. When we navigate to a site using HTTPS, we are making use of an SSL certificate. When we encrypt a message to send to another party, we are depending on an SSL certificate. When we install software that has been signed by a trusted source, we are once again making use of SSL certificates. Their prevalence in IT environments indicates just how valuable they are in a number of applications. It is not surprising that sooner or later, many systems administrators, application managers, and other Windows professionals need to install and manage SSL certificates.

This book is designed to help you understand how to select an SSL certificate, install it in a Windows environment, manage multiple certificates, and use them with specialized applications, such as the SQL Server relational database. The guide is organized into four chapters.

Chapter 2: Understanding the Microsoft Certificate Store

One of the things we quickly realize when we start to work with SSL certificates is how many we need to manage. We can have SSL certificates for Web servers, mail servers, various kinds of application servers, and individual users can have servers, too. And those are just the servers we generate or acquire for internal purposes. We also need to manage certificates for trusted third parties, like Microsoft or security vendors that provide SSL certificates. Certificates from these trusted sources are kept on our computers so that we can determine the authenticity of certificates signed by these parties. Clearly, we need a way to keep track of all the digital certificates. This is where a certificate store comes in.

In this, the second chapter of How to Install SSL Certificates for on Microsoft Servers, we will examine some of the basic tasks associated with managing and maintaining SSL certificates. Before we jump into various certificate operations, we need to understand a bit about the certificate store and tools for working with that store.

The chapter is organized into three main sections:

  • Overview of the purpose of the certificate store
  • How to manage certificates with the Microsoft Management Console (MMC)
  • Maintenance tasks associated with SSL certificates

The object of this chapter is to familiarize you with how the Windows operating systems (OSs) manage certificates and what you need to do to before taking the next step of deploying SSL certificates in your Web servers, email servers, database servers, and other enterprise applications.

Chapter 3: Using SSL Certificates in Microsoft Internet Information Server (IIS)

The goal of this book is to provide readers a step‐by‐step guide to working with SSL certificates in a Windows environment. In the first chapter, we considered different types of SSL certificates and the reasons for choosing one type over another. In the second chapter, we delved into the Microsoft Certificate Store and reviewed how to use the Microsoft Management Console (MMC) to perform basic certificate operations and management tasks. In this chapter, we turn our attention to one of the most common business drivers for using SSL certificates: providing assurance about the authenticity of our business' Web sites.

Web sites make use of SSL certificates to authenticate themselves to clients and to support encrypted communication with clients. Windows systems administrators responsible for maintaining Web sites will likely have to install and maintain SSL certificates for one or more sites. This chapter provides a detailed explanation of how to install SSL certificates with Internet Information Server (IIS) Manager, including binding certificates to sites, configuring SSL settings, and verifying installation. The role of authenticating clients with SSL certificates is also discussed. We conclude this chapter with a discussion of setting up development and test environments with self‐signed certificates.

The chapter is organized around three tasks commonly performed when working with IIS:

  • Installing SSL certificates in IIS with the IIS Manager
  • Authenticating clients with client certificate mapping
  • Setting up SSL‐enabled development and test environments

Most of the work involved in these steps occurs within the IIS Manager, but as we will see next, an important step begins with requesting a certificate from a trusted third‐party provider.

Chapter 4: Installing SSL Certificates in Microsoft Exchange Server, Microsoft SharePoint, and Microsoft SQL Server

SSL certificates are often associated with Web servers such as Microsoft IIS, but they are actually used in a variety of Microsoft applications, including Microsoft Exchange email server, Microsoft SharePoint collaboration server, and the Microsoft SQL Server database. The process of installing an SSL certificate has both common and application-specific steps across these applications. This final chapter discusses how to install an SSL certificate in Microsoft Exchange Server, Microsoft SharePoint Server, and Microsoft SQL Server. We begin with a quick overview of the common parts of the installation process, then discuss each application in more detail.