Learn how to replace a self-signed certificate with a CA certificate for an internal website on IIS 6 in this step-by-step guide.
If you have an internal website hosted on IIS 6, you may encounter a problem when accessing it with Chrome. Chrome blocks access and shows a warning that the site is not secure because the SSL certificate is self-signed. This means that the certificate was not issued by a trusted authority and cannot be verified. To solve this problem, you need to replace the self-signed certificate with a CA certificate, which is issued by a trusted authority and can be verified by Chrome. In this article, we will show you how to do that in a few simple steps.
Table of Contents
- What is a Self-Signed Certificate and a CA Certificate?
- How to Replace Self-Signed Certificate by CA Certificate for Internal Website on IIS 6?
  - Step 1: Obtain a CA certificate from a trusted authority.
  - Step 2: Install the CA certificate on your IIS 6 server.
  - Step 3: Restart your IIS 6 server.
  - Step 4: Test your internal website on Chrome.
- Frequently Asked Questions (FAQs)
- Summary
What is a Self-Signed Certificate and a CA Certificate?
Before we start, let us explain what a self-signed certificate and a CA certificate are.
- A self-signed certificate is a certificate that is created and signed by the same entity that owns it. For example, if you create a certificate for your own website, you are the issuer and the owner of the certificate. A self-signed certificate does not require any third-party verification and can be used for testing purposes or internal use. However, a self-signed certificate is not trusted by browsers and other applications, because they cannot verify the identity of the issuer and the owner. Therefore, a self-signed certificate is not suitable for public websites or applications that require secure communication.
- A CA certificate is a certificate that is issued and signed by a trusted authority, called a certificate authority (CA). A CA is an entity that verifies the identity and legitimacy of the certificate owner and issuer. For example, if you want to get a certificate for your website, you need to apply to a CA and provide some information and documents to prove your identity and ownership of the website. The CA will then issue and sign a certificate for you, which is called a CA certificate. A CA certificate is trusted by browsers and other applications, because they can verify the identity of the issuer and the owner by checking the signature of the CA. Therefore, a CA certificate is suitable for public websites or applications that require secure communication.
How to Replace Self-Signed Certificate by CA Certificate for Internal Website on IIS 6?
To replace a self-signed certificate with a CA certificate for an internal website on IIS 6, follow these steps:
Step 1: Obtain a CA certificate from a trusted authority.
You can either buy a CA certificate from a commercial CA, such as DigiCert, GlobalSign, or Let’s Encrypt, or get a free CA certificate from a non-profit CA, such as ZeroSSL, SSL For Free, or Cloudflare. You will need to provide some information and documents to the CA, such as your domain name, your contact details, and your company name (if applicable). The CA will then issue and sign a CA certificate for you, delivered as a file with the extension .crt, .cer, or .pem. You will also need to download the intermediate certificates and the root certificate of the CA, which are files with the same extensions. These certificates are used to establish a chain of trust between your CA certificate and the CA.
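The chain of trust described above can be checked on the certificate files before they are copied to the server. The script below is an added example, not part of the original article: it assumes a workstation with a POSIX shell and the OpenSSL command-line tool, builds a constructed root, intermediate and server certificate, and shows that a self-signed certificate and a CA-issued certificate without its intermediate are both rejected, while the complete chain is accepted. The host name `intranet.example.test`, the file names and the helper functions are hypothetical.

```sh
# Added example: every key, name and certificate below is constructed for the demo.
set -e
WORK=$(mktemp -d)
HOST=intranet.example.test   # hypothetical internal host name

# CA certificates need basicConstraints CA:TRUE; the server one names its host.
cat > "$WORK/ext.cnf" <<EOF
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:$HOST
EOF

# issue NAME SUBJECT EXT_SECTION SIGNER   (SIGNER is "self" or an earlier NAME)
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  if [ "$4" = self ]; then
    openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" -days 30 \
      -extfile "$WORK/ext.cnf" -extensions "$3" -out "$WORK/$1.crt" 2>/dev/null
  else
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$4.crt" -CAkey "$WORK/$4.key" \
      -CAcreateserial -days 30 -extfile "$WORK/ext.cnf" -extensions "$3" \
      -out "$WORK/$1.crt" 2>/dev/null
  fi
}

# True when subject and issuer are the same name, i.e. nobody else vouched for it.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# classify LEAF ROOT [INTERMEDIATE]: prints trusted, self-signed or incomplete-chain
classify() {
  if openssl verify -CAfile "$2" ${3:+-untrusted "$3"} "$1" >/dev/null 2>&1
  then echo trusted
  elif is_self_signed "$1"; then echo self-signed
  else echo incomplete-chain
  fi
}

issue root "/CN=Demo Root CA" ca self
issue inter "/CN=Demo Intermediate CA" ca root
issue site "/CN=$HOST" leaf inter
issue old "/CN=$HOST" leaf self          # stands in for the certificate being replaced
echo "old certificate:         $(classify "$WORK/old.crt" "$WORK/root.crt")"
echo "new, no intermediate:    $(classify "$WORK/site.crt" "$WORK/root.crt")"
echo "new, with intermediate:  $(classify "$WORK/site.crt" "$WORK/root.crt" "$WORK/inter.crt")"
```

To check real files from a CA, call `classify` with the paths to the downloaded server, root and intermediate certificates. The files must be PEM-encoded, so a DER-encoded .cer file has to be converted first.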
Step 2: Install the CA certificate on your IIS 6 server.
Copy the CA certificate file, the intermediate certificate files, and the root certificate file to your IIS 6 server. Then install them as follows:
- Open the Internet Information Services (IIS) Manager, the tool that allows you to manage your IIS server. You can find it in the Start menu, under Administrative Tools.
- In the IIS Manager, expand the tree on the left side and select the website that you want to secure with the CA certificate.
- Right-click the website and select Properties.
- In the Properties window, click the Directory Security tab, and then click the Server Certificate button. This opens the Web Server Certificate Wizard, which guides you through installing the CA certificate on your IIS 6 server.
- Follow the instructions in the wizard and select the option to replace the current certificate.
- Browse to the location of the CA certificate file and select it.
- Browse to the location of the intermediate certificate files and select them.
- Browse to the location of the root certificate file and select it.
- Confirm the installation of the CA certificate on your IIS 6 server.
Step 3: Restart your IIS 6 server.
After installing the CA certificate on your IIS 6 server, you need to restart your IIS 6 server to apply the changes. You can do this by clicking on the Restart button in the IIS Manager, or by using the command prompt. To use the command prompt, you need to open it as an administrator, and type the following commands:
iisreset /stop
iisreset /start
Step 4: Test your internal website on Chrome.
After restarting your IIS 6 server, you can test your internal website on Chrome. You should be able to access your internal website without any warning message, and see a padlock icon in the address bar, indicating that the connection is secure. You can also click on the padlock icon, and view the details of the CA certificate that you have installed on your IIS 6 server.
Frequently Asked Questions (FAQs)
Question: What is IIS 6?
Answer: IIS 6 is a version of Internet Information Services, the web server software that runs on Windows Server 2003. IIS 6 supports various protocols, such as HTTP, HTTPS, FTP, SMTP, and NNTP, and allows you to host and manage websites and web applications.
Question: What is SSL?
Answer: SSL stands for Secure Sockets Layer, which is a protocol that encrypts and secures the communication between a web server and a web browser. SSL uses certificates to verify the identity of the web server and the web browser, and to establish a secure connection.
Question: What is the difference between HTTP and HTTPS?
Answer: HTTP stands for Hypertext Transfer Protocol, which is a protocol that transfers data between a web server and a web browser. HTTP is not secure, because the data is transferred in plain text, which can be intercepted and modified by attackers. HTTPS stands for Hypertext Transfer Protocol Secure, which is a protocol that transfers data between a web server and a web browser using SSL. HTTPS is secure, because the data is encrypted and authenticated by SSL, which prevents attackers from intercepting and modifying the data.
Summary
In this article, we have learned how to replace a self-signed certificate with a CA certificate for an internal website on IIS 6. We have explained what a self-signed certificate and a CA certificate are, and why we need to replace the former with the latter. We have also shown you how to obtain a CA certificate from a trusted authority, how to install the CA certificate on your IIS 6 server, how to restart your IIS 6 server, and how to test your internal website on Chrome. We hope that this article has helped you to solve your problem and secure your internal website on IIS 6.