Get free SSL certificate from Let’s encrypt and install on IIS 7.5

This is instruction how easly and fast generate new certificate and private key for Your website and install it on windows server 2008 with IIS 7.5.

Create certificate and private key

Go to page and type url address to Your website in input. Then choose an option to verify the website is Yours. I chose last option, verify manually by set txt record in my DNS section. Create records in DNS section and verify It. After few second You can download new certificate, private key and CA. Save it on disk.

Prepare .pfx file to use on IIS

In this step we need to use tool named „openssl”. You can download this tool from my server (here) or find it in the internet. Run command line and go to open ssl directory. Then run this command

openssl pkcs12 -export -out output_cert.pfx -inkey path_to_private_key -in path_to_cert_file

Install certificate on IIS

Run IIS in server option choose Certificates then click import from right side menu. Last thing is to change firendly/common name. Click start and run mmc. Click file -> Add snapshot -> certificates -> personal -> for this computer. Click by right mouse button on current certificate and change firendly name to *.domain.ex format.

Create private, public key and signature file using open-ssl

  1. Download OpenSSL –
  2. Create private key: genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048 or with password genpkey -algorithm RSA -out private.pem -aes-128-cbc -pass pass:test -pkeyopt rsa_keygen_bits:2048
  3. Create public key: rsa -pubout -in private.pem -out public.pem
  4. Create signature file: dgst -sha1 -sign private.pem -out test.sign test.txt
  5. Verify: dgst -sha1 -verify public.pem -signature test.sign test.txt