So as I enter the world of suffering to get SSL working on some sites… I noticed that most SSL providers (at least the free one I’ve been using) – don’t provide the cert in the file format I need to do just a “import” within IIS. Go figure!
So what to do?
Well as it turns out there’s a utility to make the the crt formatted file into a pfx (which is what IIS likes).
openssl – look for it on the inter-tubes
openssl pkcs12 -export -out anotherCert.pfx -inkey private.key -in certificate.crt
Another point… I generally use SSL For Free for creating quick free SSL certs- they only last 90 days, but if you want longer lasting Certs… yeap you have to pay for them.
And finally, hosting multiple sites on a single IP and IIS server, one does need to get specific site SSL certs. The thing to remember to so make sure you select the “Require Server Name” check box as on, in the Bindings config. Otherwise you will get an error when selecting a site SSL cert. The warning message will say something to the effect of the cert being set for all sites being hosted. Ya that’s not what you want of course, as a cert for Site.Name.Domain will get assigned to all the sites being hosted. It’s a simple check box to miss, but it’s important.