Microsoft IIS¶

1. In the TLS Protect Cloud toolbar, click Machines.
2. Click the checkbox next to the Microsoft IIS machine that you want to provision a certificate to.
3. Click Provision a certificate. The Provision a certificate modal opens.

4. From the Choose a certificate from the inventory field, begin typing the certificate name you want to provision. Click the certificate when you see it listed.

   Verify that you've selected the correct certificate by reviewing the Subject DN, Validity, and Fingerprint.

5. From the CAPI Store drop down, select the certificate store you want the certificate installed in. The Web Hosting store is recommended for certificates used by IIS.

6. Enter a Friendly Name for this certificate. The certificate will appear with this name when used in IIS.
7. (Optional) If you want to bind the certificate to the IIS website, toggle the Bind Certificate to IIS Web Site slider to the on position. In the IIS Web Site Name field, enter the site from your IIS server that you want to provision the certificate to.

8. If you want TLS Protect Cloud to create a new binding if a matching binding isn't found, click the Create Binding if not found slider.

   What happens if I don't choose this and the binding doesn't exist?

   If the specified binding doesn't exist and you've told TLS Protect Cloud not to create it, the certificate will be added to the CAPI store, and provisioning will result in an error.

9. In the Binding IP Address field, enter an IP address that is bound to Windows. The certificate will be available only for the IP address you enter here. Leave the field empty if you want the certificate to be available an all of the Windows server's IP addresses.

10. In the Binding Port, enter a port number to add to the binding.
11. In the Binding Hostname, enter a hostname to add to the binding if you want the binding to use Server Name Indication (SNI).
12. If you don't want the certificate to be pushed when you save, toggle the Push upon saving slider to No.

13. Click Save.

    Want to schedule your provisions?

    Schedule your provisions daily, weekly, or monthly. Learn more

    Are you requiring strict enforcement of PowerShell script signing?

    The Microsoft IIS provisioning process uses PowerShell over WinRM to install certificates on the Windows machine. TLS Protect Cloud PowerShell scripts are signed using Venafi's DigiCert CodeSigning certificate. If your organization enforces strict signing requirements to execute PowerShell scripts, ensure Venafi's CodeSigning certificate is included of the Trusted Publishers location on the machine's CAPI store.

    Typically, trusted publisher certificates are managed and distributed via Group Policy by your Active Directory administrators.

    You can find the certificate in PEM format for your convenience here:

    -----BEGIN CERTIFICATE-----
    MIIHdjCCBV6gAwIBAgIQA3u+MLwT6dzuHddPoVsU7DANBgkqhkiG9w0BAQsFADBp
    MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMT
    OERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0
    IDIwMjEgQ0ExMB4XDTIzMDkxNDAwMDAwMFoXDTI0MDkxMzIzNTk1OVowfjELMAkG
    A1UEBhMCVVMxDTALBgNVBAgTBFV0YWgxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5
    MRUwEwYDVQQKEwxWZW5hZmksIEluYy4xGTAXBgNVBAsTEEVuZ2luZWVyaW5nIFZh
    YVMxFTATBgNVBAMTDFZlbmFmaSwgSW5jLjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
    ADCCAgoCggIBALavowQ/i5/wEvbIkDxRSZyRC/zl377Tgva8J/xnqvk5e6TPmVvW
    3XytmaFkrKkT2ocAf7sQORMwsRMr9TvnIRe3EpmKeIhVzzgTC+KCL93arqfDGK+W
    8sMA/lMP4PRC8LMyudo6UhaBsFgOSETewS+4CxDZ3M5+p8+ioM/+mfPSLEjQv0FL
    CHarE56E2RW+ERRnv0ypt61+oH3uKIwlBoLpaTOZ6cOVp4XMhZFLMNrXgyHvCDGQ
    3yoOZyfAf8wqqaDi3na+twiq28ZnSas+gn5q5Xo64Ab2UXi/V93lnbHpFuWPmms9
    pbHmIwlyKdiILtAEV1kid8sCNFQoY6BR4TDCqVwyMKPzBhWqr7uDf9gBWwFtY5hi
    abv4KlhQNBYncZbwl7nC6YxwQkRG3SDjxJTczUhjnGvrC+y+DkDPeOOFL5HR5y+r
    f9toh8UJ+X3tTso5TIIrHr4sTphiGQrs54JKs5QGqi/07i1DSrojH+6HjasXzyNz
    rb3zI9AZh3hLHfnqJLhs1qKNRfz7l/CfnAsSQZogLGfxf99sMy0ROaIYoEejA5fI
    BpnGA8BttVy3ZngNcZAEuOaiauoMv0MkZGgq2EcHtOyn4vf2iWk2hmnO9Kttui/+
    yYQQDDMhbZ8nlxlb59NgwliCIDjnvMaoPZx8di5HpWHBqMQojIz/Vb97AgMBAAGj
    ggIDMIIB/zAfBgNVHSMEGDAWgBRoN+Drtjv4XxGG+/5hewiIZfROQjAdBgNVHQ4E
    FgQUB/6R6Ajwh4f/Oz/XTYi5RQBMlMowPgYDVR0gBDcwNTAzBgZngQwBBAEwKTAn
    BggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB
    /wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzCBtQYDVR0fBIGtMIGqMFOgUaBP
    hk1odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2Rl
    U2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNybDBToFGgT4ZNaHR0cDovL2Ny
    bDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0
    MDk2U0hBMzg0MjAyMUNBMS5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMCQGCCsGAQUF
    BzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wXAYIKwYBBQUHMAKGUGh0dHA6
    Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWdu
    aW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcN
    AQELBQADggIBAMQJo3SaodMktCdEyiE8RcK6uLtEQXNj1cA7hO/kQ8kWshwfXdml
    mwWkoKnZGv79rffQRq8I/Nxr6VzOxh1Si/3fSwu4E2y1HNiDmXnD37p9qu8C5bYF
    8vjwC4OPmeLWDKOegZAe2VTvtDekOQz+z4irVemdBDhXAEPKbuKHlhvI3kGpcy3j
    Vs1Bxom6Z21mgp/K9j2fVyCKoEJxEI+KDxfHgvwAlhh2rA+BCeNYjFaSb+2Zub9K
    iMULH/HVM/4lu0kZ87nFOshyv2EKtqEdYz/+RUAwHrtWloqbyD2ELISErxSiuGBB
    6JX3sa79GAZdaCyi7l8wVVLbgJNaKtR7pGtDPTAwBE1DogtqYcLr1RZRmcszKYOQ
    A+qbcDG2Mnd5eiEedR/3sQc/OSdJcC9s12rSWBIeHDlALhj9M3pOMAAoeP74kBN3
    P8nIGbnoANMvzMxhI5P6xnFTiJp3x2gv1ZHzid7njieCWT2zcJb8k3Sk4D7EQnTi
    UZUBu2SpWf6MzPwRGHkTsEJIHSA6iYIyksjCHPq36U5qkjKHB21abVs79kRn60uN
    YliWAUoGoSJ3v6gViWJGgkbYoLXgONrvxMbMHrdJLKV5B6uxkWxJ44ya/C8eqgNm
    UA5jY2HnS9I031EDjiccSvn/x3yCBJ4CbQyJvLj202lU72A8A4MHAeV2
    -----END CERTIFICATE-----