In a production environment communication between StoreFront server and end user devices should be secured using HTTPS protocol. In order to use HTTPS, StoreFront requires that the Microsoft Internet Information Services (IIS) instance hosting the authentication service and associated stores is configured for HTTPS. In this article I will provide a simple instruction how to install certificate issued by internal Certificate Authority (CA) to IIS 8 instance .

Note: For sites that are going to be accesible from external network, SSL certificate issued by trusted, commercial Certificate Authority (CA) should be used.

Assumptions:

  • Servers hosting StoreFront role are installed and joined to the same Active Directory domain
  • Microsoft Certificate Authority is installed and Web Server certificate template is configured.

How to request and install certificate in IIS

1. Open Server manager and launch Internet Information Services (IIS)

IIS-ssl-1

Figure 1

2. In IIS Manager, in the left pane select you server and click Server Certificates icon in the middle pane

IIS-ssl-2

Figure 2

3. In the Actions pane click Create Domain Certificate Request.

IIS-ssl-3

Figure 3

4. Complete the required information and click Next to continue.

iis-ssl-31

Figure 4

5. Complete the required information for certificate authority server and click Finish to continue.

iis-ssl-32

Figure 5

6. The Certificate Signing Request (CSR) is sent to the internal CA, the CA will automatically issue the certificate (certificate is created based on a configured Web Server certificate template) and the wizard will automatically install that certificate on the machine. Newly installed certificate is displayed in the server certificate pane as it is shown in Figure 6.

IIS-ssl-4

Figure 6

How to create an HTTPS binding on a site

7. Open IIS Manager. In the left pane expand server name, expand Sites and select the site that you want to configure with your SSL Certificate and click Bindings in the Actions pane.

IIS-ssl-5

Figure 7

8. In the Site Binding window, click Add to continue.

IIS-ssl-6

Figure 8

9. In the Add Site Bindings window, enter the following information and click OK to continue:

Type: In the drop-down list, select https.
IP address: In the drop-down list, select All unassigned. If your server has multiple IP addresses, select the one that applies.
Port: Enter 443, unless you are using a non-standard port for SSL traffic.
SSL certificate: In the drop-down list, select the friendly name of the certificate which was installed in step 6.

IIS-ssl-7

Figure 9

The SSL certificate is now installed and website is configured to accept secure connections.

How to verify HTTPS binding

11. Open IIS Manager. In the left pane expand server name, expand Sites and select the site that you want to configure with your SSL Certificate and click Browse *:443 in the Actions pane.

IIS-ssl-10

Figure 10

12. IIS Server welcome page should be displayed

iis-ssl-9

Figure 11