Common Mistakes With SSL Certificate Binding

Different types of servers will have different requirements when it comes to SSL Certificate Binding. That may not seem to be a very helpful statement, but it can actually solve a lot of problems IT managers are experiencing.

Sometimes, the incorrect version or the incorrect server manual is being used to try to complete the process of SSL Certificate Binding. When this happens, there is an increased chance that there will be difficulties, challenges and problems throughout the process. So, while it may be basic, start by ensuring the instructions being used to bind the certificate are for the correct server.

Then, the next step is to make sure the instructions are for the correct version of the server. For example, there are differences in the Microsoft IIS 7 and IIS 8 versions and it can be very easy to simply click on the first set of instructions without verifying the correct version.

What is Binding?

Within the server, there is a binding element which allows configuration between a website and a server. It is possible to modify, add or change the binding elements when the site is developed or after it is up and running. It will also contain specific types of information. This information includes:

  • The communication protocol
  • The port number
  • The host header
  • The website IP address

When using SSL Certificate Binding the communication protocol is information found in the files from the CA. This will provide information to the server on how to communicate. The next three bullets are identifiers for the site and are known as the binding information.

With the IIS 8.0 or later system all certificates can be stored on Windows Server 2012. This was not offered on earlier IIS versions, which makes the binding process different for the various options.

Obtaining the SSL Certificate

To request the certificate from the Certificate Authority, you will need to first access your web server and generate a CSR or a Certificate Signing Request.

Once that encrypted text is available, copy and paste it into our application form. Comodo makes this is a simple, easy and streamlined process. No need to fax or wait for paperwork to be reviewed.

In fact, you will have your secure sockets layer(SSL)certificate in just a few minutes. We also provide detailed information in our knowledgebase to help you to install the certificate based on the specific type of server in use. The centralized feature of the IIS 8 makes the installation and SSL Certificate Binding simple, but there are a few issues that may potentially cause issues if they are overlooked.

Potential Binding Issues

Before starting the process, check to verify that the IIS 8 version in use on Windows 2012 server has the option to use the Centralized SSL Certificate function. Many people assume this is part of the default installation, but it is not and has to be added before it will become an active feature.

Naming protocol has to be correct for the certificates. This means the DNS and the CN name of the server must match. Then, it is really a simple process of clicking on the server tab, management and then Centralized Certificates. You will next choose to Edit Feature Settings and then add the required information, including a password as well as a certificate private key password if required. This will allow you to access all records and examine certificates once they are installed.

After installation, the SSL Certificate Binding to a specific port can be completed. This will be different based on the operating system. For example, Server 2003 you will use the httpcfg utility while Server 2008 will use netsh.exe.

The information required to complete the binding process is contained in the thumbnail of the certificate which will be available during the install process. The information included in the binding process will exclude all spaces, which is a common error if someone uses a direct copy and paste. Instead, copy the data from the thumbnail to a text editor and remove the spaces.

When using the II8 version the binding is automatic by simply selecting the site from the Add Website box and filling in the information as prompted. Finally, to verify the SSL certificate is in place, use our free Comodo SSL analyzer to verify it is installed and working.

If you are considering an SSL certificate, visit Comodo and take a closer look at the different options we provide and all the features we offer. We are easy to find online at www.ssl.comodo.com or you can also give us a call at +1 888 266 6361 for additional help.

Related Articles