StoreFront server – how to install SSL certificate

//StoreFront server – how to install SSL certificate

StoreFront server – how to install SSL certificate

Share this post

In a production environment communication between StoreFront server and end user devices should be secured using HTTPS protocol. In order to use HTTPS, StoreFront requires that the Microsoft Internet Information Services (IIS) instance hosting the authentication service and associated stores is configured for HTTPS. In this article I will provide a simple instruction how to install certificate issued by internal Certificate Authority (CA) to IIS 8 instance .

Note: For sites that are going to be accesible from external network, SSL certificate issued by trusted, commercial Certificate Authority (CA) should be used.


  • Servers hosting StoreFront role are installed and joined to the same Active Directory domain
  • Microsoft Certificate Authority is installed and Web Server certificate template is configured.

How to request and install certificate in IIS

1. Open Server manager and launch Internet Information Services (IIS)


Figure 1

2. In IIS Manager, in the left pane select you server and click Server Certificates icon in the middle pane


Figure 2

3. In the Actions pane click Create Domain Certificate Request.


Figure 3

4. Complete the required information and click Next to continue.


Figure 4

5. Complete the required information for certificate authority server and click Finish to continue.


Figure 5

6. The Certificate Signing Request (CSR) is sent to the internal CA, the CA will automatically issue the certificate (certificate is created based on a configured Web Server certificate template) and the wizard will automatically install that certificate on the machine. Newly installed certificate is displayed in the server certificate pane as it is shown in Figure 6.


Figure 6

How to create an HTTPS binding on a site

7. Open IIS Manager. In the left pane expand server name, expand Sites and select the site that you want to configure with your SSL Certificate and click Bindings in the Actions pane.


Figure 7

8. In the Site Binding window, click Add to continue.


Figure 8

9. In the Add Site Bindings window, enter the following information and click OK to continue:

Type: In the drop-down list, select https.
IP address: In the drop-down list, select All unassigned. If your server has multiple IP addresses, select the one that applies.
Port: Enter 443, unless you are using a non-standard port for SSL traffic.
SSL certificate: In the drop-down list, select the friendly name of the certificate which was installed in step 6.


Figure 9

The SSL certificate is now installed and website is configured to accept secure connections.

How to verify HTTPS binding

11. Open IIS Manager. In the left pane expand server name, expand Sites and select the site that you want to configure with your SSL Certificate and click Browse *:443 in the Actions pane.


Figure 10

12. IIS Server welcome page should be displayed


Figure 11


By | 2016-12-18T19:21:31+00:00 December 19th, 2014|StoreFront|5 Comments

About the Author:

I’m a Citrix Architect with 17 years experience in Microsoft and Citrix infrastructure. I have been working with Citrix since Metaframe 1.8 and my primary focus is on Server, Desktop and Application virtualisation with a preference for Citrix products. I’m an enthusiast of Citrix XenDesktop and Provisioning Server.


  1. Ben October 28, 2015 at 9:32 pm - Reply

    I followed these instructions, but my storefront says in the status of the Store: No certificate associated with this Storefront server.
    Any ideas?
    Thank you

  2. stefan November 24, 2015 at 4:08 pm - Reply

    thank you! nice and tidy!

  3. Krzysztof Piglowski December 6, 2015 at 1:36 pm - Reply

    Great article, simple stuff but so helpful when one needs to sort out a an expired cert in the middle of a Sunday.
    Many thanks Andrzej!

  4. pterodactyl April 15, 2016 at 6:20 pm - Reply

    Great article. Thank you!

  5. Sandeep September 21, 2016 at 8:17 pm - Reply

    Thank you

Leave A Comment

To protect our website from spam. * Time limit is exhausted. Please reload the CAPTCHA.