Manually install an SSL certificate on IIS 10 server
Copy your certificate files onto the server
- Find the directory on your server where certificate and key files are stored, then upload your intermediate certificate (gd_iis_intermediates.p7b or similar) and primary certificate (.cer file that you just converted) into that folder.
Add a Certificate Snap-in to the Microsoft Management Console (MMC)
- Click on your Start Menu, then click Run.
- In the prompt, type mmc and click OK.
- Click File, then click Add/Remove Snap-in.
- On the new window, click the Add button.
- On the new window, select Certificates and click Add.
- Select Computer account for the snap-in and click Next.
- Click Local computer and click Finish.
- Click Close on the Add Standalone Snap-in window.
- Click OK on the Add/Remove Snap-in window.
Import the Intermediate SSL Certificate
- In the MCC Console, click ▸ to expand Certificates (Local Computer).
- Right click on the Intermediate Certification Authorities folder, hover over All Tasks and click Import.
- On the new window, click Next.
- Click Browse, find your gd_iis_intermediates.p7b intermediate certificate file and click Open.
- Click Next, verify that the certificate information is proper and click Finish.
- Close the the import was successful notification.
Install your SSL certificate
- Click on your Start Menu, then click Run.
- In the prompt, type inetmgr and click OK to launch the Internet Information Services (IIS) Manager.
- Under the Connections panel on the left, click on your Server Name.
- In the main panel under the IIS section, double click on Server Certificates.
- Under the Actions panel on the right, click Complete Certificate Request.
- On the new window, click … to browse, find your previously uploaded primary certificate file and click Open.
- Add a Friendly name to easily identify this certificate in the future.
- In the certificate store option, select Web Hosting and click OK.
Bind the SSL certificate
- Under the Connections panel on the left, click ▸ to expand the Sites folder.
- Click the Site Name that you plan to install the SSL certificate onto.
- Under the Actions panel on the right, find the Edit Site section and click Bindings.
- On the new window, click Add and fill out the following information:
- Type: select https.
- IP Address: select All Unassigned.
- Port: type in 443.
- Host name: leave this empty.
- SSL Certificate: select your recently installed SSL.
- Click OK to confirm, then Close for the Site Bindings window.
Restart IIS
- Under the Actions panel on the right, find the Manage Website section and click Restart.
SOLUTION TYPE: 2
Add a Certificate Snap-in to the Microsoft Management Console (MMC)
- Click on your Start Menu, then click Run.
- In the prompt, type mmc and click OK.
- Click File, then click Add/Remove Snap-in.
- On the new window, click the Add button.
- On the new window, select Certificates and click Add.
- Select Computer account for the snap-in and click Next.
- Click Local computer and click Finish.
- Click Close on the Add Standalone Snap-in window.
- Click OK on the Add/Remove Snap-in window.
Import the Intermediate SSL Certificate
- In the MCC Console, click ▸ to expand Certificates (Local Computer).
- Right click on the Personal folder, hover over All Tasks and click Import.
- On the new window, click Next.
- Click Browse, find your .pfx certificate file and click Open.
- Click Next, verify that the certificate information is proper and click Finish.
- Close the the import was successful notification.
Install your SSL certificate
- Click on your Start Menu, then click Run.
- In the prompt, type inetmgr and click OK to launch the Internet Information Services (IIS) Manager.
- Under the Connections panel on the left, click on your Server Name.
- In the main panel under the IIS section, double click on Server Certificates.
- Under the Actions panel on the right, click Complete Certificate Request.
- On the new window, click … to browse, find your previously uploaded primary certificate file and click Open.
- Add a Friendly name to easily identify this certificate in the future.
- In the certificate store option, select Personal and click OK.
Bind the SSL certificate
- Under the Connections panel on the left, click ▸ to expand the Sites folder.
- Click the Site Name that you plan to install the SSL certificate onto.
- Under the Actions panel on the right, find the Edit Site section and click Bindings.
- On the new window, click Add and fill out the following information:
- Type: select https.
- IP Address: select All Unassigned.
- Port: type in 443.
- Host name: leave this empty.
- SSL Certificate: select your recently installed SSL.
- Click OK to confirm, then Close for the Site Bindings window.
Restart IIS
- Under the Actions panel on the right, find the Manage Website section and click Restart.
The request is not supported (0x80070032)
IIS uses bindings to determine where to redirect requests. These bindings can be secured (https – mostly on port 443) or unsecured (http – mostly on 80).
In a case I worked on, I came across to this error while trying to add an https binding: The request is not supported (Exception from HRESULT: 0x80070032).
The PowerShell command below gave an error too
netsh http add sslcert ipport=[IP:port] appid="[APP ID]"
certhash=[HASH]certstorename=MY
SSL Certificate add failed, Error: 50
The request is not supported
Solution
Since both secure binding and Windows Update were failing, the issue seemed to be related to TLS protocol settings.
If you are troubleshooting a similar issue, make sure TLS protocols and encryption algorithms are enabled. Additionally, check if secure cipher suites are enabled. In our case, there was only one cipher suite defined. This was the reason of both binding and Windows Update issues.
We followed the steps below to use default cipher suite list:
- Go to “Start > Run“. Enter: gpedit.msc
- In the left pane, expand “Computer Configuration > Administrative Templates > Network > SSL Configuration Settings“
- In the right pane, right click “SSL Cipher Suite Order” and choose “Edit”
- Save the text inside “SSL Chiper Suite” field to a Notepad for backup
- Select “Not Configured”
- Click “OK”
- Restart the server (gpupdate doesn’t enforce this setting. You should restart the server)
Note: If the setting is already “Not Configured”, change it to “Enabled” and restart the server. It should work. Later, you can change it back to “Not Configured” and restart again.
Solutions: 2
Download and run IIS Crypto. Make sure TLS protocols and encryption algorithms are enabled.
Additionally, check if secure cipher suites are enabled. In the server I troubleshot, there was only one cipher suite active. This caused the both binding and Windows Update issues. We followed the steps below to use default cipher suite list in the server which solved the issue:
- Go to “Start > Run“. Enter: gpedit.msc
- In the left pane, expand “Computer Configuration > Administrative Templates > Network > SSL Configuration Settings“
- In the right pane, right click “SSL Cipher Suite Order” and choose “Edit”
- Save the text inside “SSL Chiper Suite” field to a Notepad for backup
- Select “Not Configured”
- Click “OK”
- Restart the server (gpupdate doesn’t enforce this setting. You should restart the server)
I’m also writing to make you understand of the outstanding discovery my wife’s girl had viewing your web page. She even learned lots of details, not to mention what it’s like to possess an excellent helping heart to make the others quite simply learn about specified complicated subject matter. You undoubtedly surpassed visitors’ expected results. Thank you for displaying the powerful, safe, informative and also easy tips about that topic to Emily.