Overview
The SSL settings are used to create a secure link for the website application through IIS.
This article provides an overview of SSL/TLS settings, explains the certificate process, and includes step-by-step instructions for testing and troubleshooting after enabling the SSL/TLS certificate.
The Basics
SSL/TLS Certificate
Security certificates are essential for websites that handle sensitive information, like credit cards or healthcare data. As technology advances, SSL (also known as TLS) is becoming the standard for securing web applications.
SSL and TLS settings enable certificates to secure the connection between a website’s host and the user's browser. When a user accesses a secure site, the certificate informs the browser that the connection is encrypted. This certificate includes key details such as the serial number, validity dates (typically one year), registration name, and a public key.
Once the browser verifies the certificate and confirms the issuer as a trusted authority, a session key is generated and shared between the host and browser. This key encrypts data transfers, ensuring secure communication.
A new, unique session key is created for each session.
Note: Getting a security certificate is highly recommended. If you will be using an external Alliant Mobile connection or accessing Alliant Online—especially for payment processing—an SSL certificate is required. This enables secure HTTPS access instead of HTTP.
How Is a Security Certificate Obtained?
Alliant customers are responsible for purchasing the SSL certificate for use with Alliant applications. Security certificates are typically obtained from a Certificate Authority, such as Let’s Encrypt or GoDaddy. Other providers are also available, but these are common examples.
Once purchased, the host will obtain a certificate authenticated by a trusted provider. The certificate is then downloaded to the web server and linked to the IIS Manager.
Note: Alliant Systems will not purchase the certificate needed to utilize SSL/TLS. This responsibility falls on the client and their IT group. Alliant Support will provide information as requested but will not be able to provide specific recommendations on where to purchase a certificate.
Security Certificate Validity and Renewal
The validity period of a security certificate depends on the options selected at the time of purchase. Most certificates are valid for one year and require renewal. While auto-renewal options exist, many users choose the standard one-year certificate.
If a certificate expires, the hosted site will no longer be recognized as secure by the end user’s browser and may fail to load. In this case, a new certificate must be purchased and installed to replace the expired one.
Setting reminders can be extremely helpful to track expiration dates and ensure timely renewal or replacement.
Security Certificate Renewal Process
The renewal process depends on the options provided by the certificate provider and the choices made by the purchaser. Often, users buy a new certificate and replace the old one as the expiration date approaches.
Again, reminders are very helpful to ensure the certificate is renewed or replaced before it expires.
Testing and Troubleshooting
How to Check Internally
- In IIS Manager, under the selected website/application, look for the “Browse” option on the right-hand side.
- When SSL is enabled, the option “Browse *:443 (https)” will be available. Click this to open the site in the server’s default browser and check if the application loads correctly.
If you use “Browse *:80 (http),” the SSL certificate won’t load, and this won't test the binding's validity. Alternatively, you can navigate directly to the site using https://{WebAddress.com}.
How to Check Externally
- From a different computer (not the IIS server), open the webpage in a web browser, using https:// so the site is reached over the secure connection.
- Verify the certificate appears when the page loads.
Browsers may cache certificate information. If necessary, clear the browser’s cache or open the site in “Incognito” mode for Chrome or “Private” mode for Firefox.
If the Website Doesn’t Work with HTTPS
- Check if the certificate has expired or is registered with the wrong path by following the steps above to view the certificate in the browser.
- Ensure IIS is running and restart the service if needed.
- Confirm the http:// version of the website loads properly.
- Ensure port 443 is open through the firewall to allow the certificate to be sent externally.
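The external check and the failure causes listed above can also be scripted from any computer other than the IIS server. The following is an added example, not part of the original article or of Alliant's tooling; the host name `portal.example.com`, the 30-day reminder window and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed reminder window; the article does not specify one


def days_remaining(cert, now=None):
    """Days until 'notAfter' in a cert dict as returned by SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (expires - now).days


def summarize(cert, now=None, warn_days=WARN_DAYS):
    """One-line status suitable for a renewal reminder."""
    left = days_remaining(cert, now)
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    state = "EXPIRED" if left < 0 else "RENEW SOON" if left <= warn_days else "OK"
    return f"{state}: {left} days left, valid for {', '.join(names)}"


def check_https(host, port=443, timeout=5):
    """Connect the way a browser does and map failures to the checklist above."""
    context = ssl.create_default_context()  # verifies issuer chain, host name and dates
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                return summarize(tls.getpeercert())
    except ssl.SSLCertVerificationError as err:
        # Expired certificate, untrusted issuer, or certificate issued for another name
        return f"CERTIFICATE REJECTED: {err.verify_message}"
    except ssl.SSLError as err:
        return f"TLS HANDSHAKE FAILED: {err}"
    except OSError as err:
        # Refused or timed out: IIS stopped, no 443 binding, or firewall blocking 443
        return f"CANNOT REACH {host}:{port}: {err}"


# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "portal.example.com"),),
}

if __name__ == "__main__":
    print(check_https("portal.example.com"))  # placeholder host name
```

Run on a schedule, the `RENEW SOON` result can serve as the expiration reminder recommended earlier in this article.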
Additional Resources
- Alliant Online - IIS Setup
This article is targeted towards IT personnel and outlines the steps to set up IIS from a customer web server.
- Khan Academy: Transport Layer Security (TLS) - External Resource
This site offers a clear explanation of how TLS protocols work, including the differences between various types.
- Microsoft IIS: How to Set Up SSL - External Resource
This is Microsoft's official guide for configuring SSL security on IIS.