SSL (Secure Sockets Layer) is an encryption process for web pages. I have looked at this in the past to try and set up using a free SSL certificate but found the whole process a bit disorienting. It's not doing just one thing but a few. I got lost within the labyrinth so did a tactical withdrawal.
I am tinkering with developing an eCommerce site and found that I needed to set up an HTTPS website that had encryption. So “once more into the breach dear friends….”
Free SSL certificates can be obtained from Let's Encrypt. It is based on a Linux platform so that was where my difficulty lay as I am on a Windows VPS (Virtual Private Server) so there were all these arcane things I had to do due to the Windows environment. Not anymore. There is Certify SSL Manager which will manage free HTTPS certificates for IIS.
This is their Getting Started page. [Note: Check bottom of post before setting up your first HTTPS site, as first one will need to remain (i.e. you cannot delete that one)]
Download the Setup file (item 1 on image above) on your server. Then run the setup file and you should get a programme window display that looks like Item 2 above.
The interface is a bit confusing with the 2 main buttons in the middle that you want to press (item 4). You do and they take you to a login for the paid versions. See 2 images below where pricing is shown.
To make things clear, you do not need to SIGN IN to use the free certificates.
For free on your single server you are allowed up to 5 managed HTTPS sites.
At some point early in the process you are asked to give a NEW CONTACT for the certificates. (This is used in case Auto Renewal does not occur; more about this later.)
The other options, paid, are shown below.
As I’m just testing, I only want the free account, so in the Community Edition (item 1) interface, you click on the New Certificate button in the top left-hand corner (Item 2).
The managing interface is the Menu shown in Item 3.
So we click on New Certificate and then in the pull down choose one of my original HTTP sites.
Items 1 & 2 below should already be ticked.
Note, the existing site is set up as HTTP://vitreosity.tk/
So we now hit the Request Certificate Button
The process starts creating certificate
It says success
The web site is now in GREEN.
We now have to go into the Windows setup. Go to Server Manager & Open IIS Manager
Open Sites, find the vitreosity.tk instance, right click on it and delete it. (This is set up as an HTTP instance; we want to change it to an HTTPS instance.)
Select Sites, right click and ADD NEW. Re-create vitreosity.tk as an HTTPS instance this time. Certify SSL Manager has already created the SSL certificate.
As this is free version, this pops up. Press YES.
You will now see your site is HTTPS (item 3 below)
Now if we go to the browser and go to the website, with HTTPS:// in front of it, you will see a nice green padlock which means the HTTPS:// is working.
This is my other website I converted over to HTTPS:// but you see the Yellow Triangle, and clicking on that shows: Connection is Not Secure.
This is because all the links and internal aspects of the site have HTTP:// connections in them, and those links make the site insecure. So you have to make sure that all your links (internal/external(?)) are upgraded to HTTPS:// (I need to explore more thoroughly).
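A checker for the "Connection is Not Secure" warning described above, as an added example that is not part of the original post: it scans a page's HTML for `http://` references and separates the ones a browser fetches while rendering the page (scripts, stylesheets, frames, images, media, which are what count as mixed content) from form targets and ordinary `<a>` links, which are navigation only. The sample page and its `example.test` / `example.org` URLs are constructed for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs the browser fetches while rendering the page.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

class MixedContentScanner(HTMLParser):
    """Collects (line, kind, tag, url) for each http:// reference in a page."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        if tag == "link" and "stylesheet" not in rel:
            return  # only stylesheet <link>s are counted; canonical etc. are skipped
        for name, value in attrs:
            url = (value or "").strip()
            if not url.lower().startswith("http://"):
                continue
            if (tag, name) in ACTIVE:
                kind = "active"    # scripts, frames, CSS: browsers block these
            elif (tag, name) in PASSIVE:
                kind = "passive"   # images/media: warning or automatic upgrade
            elif (tag, name) == ("form", "action"):
                kind = "form"      # submitted data would travel unencrypted
            elif (tag, name) == ("a", "href"):
                kind = "link"      # navigation only, not mixed content
            else:
                continue
            self.findings.append((self.getpos()[0], kind, tag, url))

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page (not taken from the sites in the post).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.test/style.css">
<script src="https://example.test/app.js"></script>
</head><body>
<img src="http://example.test/logo.png">
<a href="http://example.org/">external link</a>
<form action="http://example.test/search"></form>
</body></html>"""
for line, kind, tag, url in scan(SAMPLE):
    print(f"line {line}: {kind:7} <{tag}> {url}")
```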
The Let's Encrypt certificates only last for 3 months, so you need to renew them. So go back to Certify SSL Manager, click on the Configure Auto Renew Button and check it is using the button as per image below.
A couple of things I have noticed.
1/ The first site you set up becomes the default site, and the others are linked to that default site certificate.
So the other 4 free HTTPS sites that you want to have with their separate certificates somehow link back to the original default site certificate. So they are dependent on that one being active.
If you delete the default site (as I did because I used one of my test sites with heaps of HTTP links (so the site is not secure)) then when testing the new site it says it's insecure. You have to reinstate the default site.
2/ You can use the bindings to adjust site from HTTP to HTTPS without having to delete the site and re-do it in IIS.
I think it will be a challenge to upgrade an existing website with lots of links.
Of the 2 examples above, vitreosity is a brand new website so it is easy to make sure all internal linkages are HTTPS://
I will have to consider what to do about (and test) external links to non-HTTPS:// websites.
The other website I will convert back to HTTP:// as it's not worth the trouble to modify all the links (although it may be an interesting exercise).
[Note, as this was the default one I am stuck with it. I did try and reinstall the programme but the original certificates remained. I need to look to see where they are stored to see if I can delete them to start again]
Having only 5 websites that you can encrypt on one server possibly means you have to link the encrypted sites but not the encrypted sites to the encrypted. Another level of complication.
It is great that there is a Windows version of Let's Encrypt now.
I am grateful to Let's Encrypt that I can now plan an HTTPS site without too much drama, so thank you Let's Encrypt.