StoreFront server - how to install SSL certificate

In a production environment communication between StoreFront server and end user devices should be secured using HTTPS protocol. In order to use HTTPS, StoreFront requires that the Microsoft Internet Information Services (IIS) instance hosting the authentication service and associated stores is configured for HTTPS. In this article I will provide a simple instruction how to install certificate issued by internal Certificate Authority (CA) to IIS 8 instance .

Note: For sites that are going to be accesible from external network, SSL certificate issued by trusted, commercial Certificate Authority (CA) should be used.

Assumptions:

Servers hosting StoreFront role are installed and joined to the same Active Directory domain
Microsoft Certificate Authority is installed and Web Server certificate template is configured.

How to request and install certificate in IIS

1. Open Server manager and launch Internet Information Services (IIS)

Figure 1

2. In IIS Manager, in the left pane select you server and click Server Certificates icon in the middle pane

Figure 2

3. In the Actions pane click Create Domain Certificate Request.

Figure 3

4. Complete the required information and click Next to continue.

Figure 4

5. Complete the required information for certificate authority server and click Finish to continue.

Figure 5

6. The Certificate Signing Request (CSR) is sent to the internal CA, the CA will automatically issue the certificate (certificate is created based on a configured Web Server certificate template) and the wizard will automatically install that certificate on the machine. Newly installed certificate is displayed in the server certificate pane as it is shown in Figure 6.

Figure 6

How to create an HTTPS binding on a site

7. Open IIS Manager. In the left pane expand server name, expand Sites and select the site that you want to configure with your SSL Certificate and click Bindings in the Actions pane.

Figure 7

8. In the Site Binding window, click Add to continue.

Figure 8

9. In the Add Site Bindings window, enter the following information and click OK to continue:

Type: In the drop-down list, select https.
IP address: In the drop-down list, select All unassigned. If your server has multiple IP addresses, select the one that applies.
Port: Enter 443, unless you are using a non-standard port for SSL traffic.
SSL certificate: In the drop-down list, select the friendly name of the certificate which was installed in step 6.

Figure 9

The SSL certificate is now installed and website is configured to accept secure connections.

How to verify HTTPS binding

11. Open IIS Manager. In the left pane expand server name, expand Sites and select the site that you want to configure with your SSL Certificate and click Browse *:443 in the Actions pane.

Figure 10

12. IIS Server welcome page should be displayed

Figure 11

8 Comments

Ben October 28, 2015 at 9:32 pm - Reply

I followed these instructions, but my storefront says in the status of the Store: No certificate associated with this Storefront server.
Any ideas?
Thank you
stefan November 24, 2015 at 4:08 pm - Reply

thank you! nice and tidy!
Krzysztof Piglowski December 6, 2015 at 1:36 pm - Reply

Great article, simple stuff but so helpful when one needs to sort out a an expired cert in the middle of a Sunday.
Many thanks Andrzej!
pterodactyl April 15, 2016 at 6:20 pm - Reply

Great article. Thank you!
Sandeep September 21, 2016 at 8:17 pm - Reply

Thank you
saurabh August 20, 2018 at 11:12 am - Reply

Thanks for sharing information about citrix component & other topics. Great !!!
Usman Ghani July 14, 2019 at 11:28 am - Reply

Perfect, It helped me to renew a certificate on my Citrix environment.
dave green August 26, 2020 at 11:21 am - Reply

thanks for sharing