In this tutorial, I will show you how to install SSL certificate in IIS 8.0. To communicate securely over the web requires the use of encryption on the messages passed back and forth.  Encryption on the web is accomplised through the use of Transport Layer Security (TLS). Http traffic layered over SSL/TLS is called Https.  It would be all too easy to venture down the rabbit hole and explain in great detail how TLS establishes a secure connection, but the crypto minutia is likely a bit out of scope for the purposes of this discussion.  However, a basic understanding of the mechanisms used by TLS to secure the communication channel will make understanding the use of SSL certificates much easier.

TLS uses public key cryptography, which requires the distribution of a public key.  This public key is transmitted as part of an SSL certificate, along with other identifying information meant to establish trust that a server is who it is supposed to be (and not a malicious eavesdroper).  While it is possible to create self-signed certificates, browsers do not trust these certificates and will give users dire warning when they are encountered (this would be like me printing my own drivers license and saying "See, I am who I say I am... really!").  For a certificate to be trusted, it must be issued by a trusted Certificate Authority (CA).  When a secure connection is made using a trusted certificate, most browsers will display an indicator that the connection is secure.  In Chrome, clicking the green lock icon will reveal information regarding the details of the connection:

And this is what a self-signed certificate will get you:

So to fully take advantage of Https you need to have a certificate from a trusted CA (Symantec [GeoTrust, VeriSign], Comodo, GlobalSign, etc).  Getting a certificate involves first creating a Certificate Signing Request (CSR).  IIS has the capability of creating a CSR, and their are other tools available, including the linux command line using OpenSSL.  This is what it looks like in IIS:

You'll transmit the CSR in one form or another to the CA you are getting your certificate from, and after they've performed whatever level of due diligence they'll send you your SSL certificate.  Once you have the certificate, you'll need to install it on the server hosting your site.  For .NET based web applications, that likely means IIS or Azure.

• Installing SSL Certificate in IIS 8.0

In IIS Manager, under Server Certificates, there is an option for "Complete Certificate Request".  Here you'll browse to the *.cer file that contains your certificate, add a friendly name to make management easier it doesn't change anything in the certificate and add the certificate to the Personal certificate store.  This installs the certificate to the server.  To use it in your site, you have to bind it.  Navigate to the site settings in IIS, go to bindings, and add a binding for https using port 443 and the created certificate.

• Using Https in the application

Using the URL Rewrite rule described in the Azure SSL instruction involved adding this rule to the web.config file:

<system.webServer>
  <rewrite>
    <rules>
      <rule name="Force HTTPS" enabled="false">
        <match url="(.*)" ignoreCase="false"/>
      <conditions>
        <add input="{HTTPS}" pattern="off"/>
      </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                appendQueryString="true" redirectType="Permanent"/>
      </rule>
    </rules>
  </rewrite>
  </system.webServer>

In MVC, using the [RequireHttps] attribute gives fine grained control over what portions of the site will need to use https:

[RequireHttps]
public ActionResult About()
{
    ViewBag.Message = "Your application description page.";
 
    return View();
}

HostForLIFE.eu IIS 8 Hosting

HostForLIFE.eu revolutionized hosting with Plesk Control Panel, a Web-based interface that provides customers with 24x7 access to their server and site configuration tools. Plesk completes requests in seconds. It is included free with each hosting account. Renowned for its comprehensive functionality - beyond other hosting control panels - and ease of use, Plesk Control Panel is available only to HostForLIFE's customers. They offer a highly redundant, carrier-class architecture, designed around the needs of shared hosting customers.

Internet Information Services (IIS) 8.0 Express is a free, simple and self-contained version of IIS that is optimized and available for developers. IIS 8.0 Express makes easy to use the most current version of websites tools like Visual Studio and WebMatrix. IIS 8.0 Express has all the core features of IIS as well as additional features for easy website development which includes:

- IIS 8.0 Express doesn't run as a service or require administrative privileges to perform most tasks.
- IIS 8.0 Express allows Multiple Users to work independently on the same computer.
- IIS 8.0 Express works well with ASP.NET and PHP applications.

IIS 8.0 is only available in Windows Server 2012 and Windows 8. It includes Application Initialization, centralized SSL certificate support, multi core scaling and also other new features.

Previously, we have discussed about new features in IIS 8. Now I will show more information about this new features.

1. FTP Logon Attempt Restrictions

This module ensures the security and manageability. Due to this feature you can now use greylisting and access patterns enabling you to smoothly and dynamically manage access for number of sites to the internet and FTP servers.

2) Improved CPU Throttling

In IIS8 there are kernel level changes to support real CPU throttling. There are two actions possible for sites that reach the CPU threshold. These are:

• Throttling is based on the user and not specifically on the application pool. The throttle feature will keep the CPU for a particular worker process at the specified level.
• Throttle under load will allow a site to use all possible CPU, while throttling the worker process if the server is under load. If you used WSRM (Windows System Resource Manager) in the past, you no longer need to do so.

3. Application Initialization Module

Priorly known as the application warm-up module which was used for a time, and now it is completely ready as Application Initialization Module. This allows loading sites and pages before the traffic arrives and handling of requests in a friendly and more smoother way while the application first loads. It is possible to set up home page or use URL rewrites.

4. SSL scalability

In previous versions of IIS each SSL (Secure Socket Layer) site required its own IP address, and since each certificate was loaded into the memory on the first visit to an SSL site, startup performance can be slow. In IIS8 the SSL certificate is easily scalable to thousands of secure sites per system because only the certificate that is needed is loaded. Additionally, also loading of large numbers of certificates is essentially improved.

5. SNI / SSL host header support

Using host headers and a shared IP address with SSL certificate has always been ambiguous. IIS8 now offers Server Name Indication (SNI) support through which many SSL sites can share the same IP. SNI is a pretty new feature which allows host headers to work with SSL. The most recent browsers are supporting SNI.

6. Use ASP.NET 3.5 and 4.5

IIS 8.0 on Windows Server 2012 runs ASP.NET applications on all .NET Framework versions supported on Windows Server 2012. This means ASP.NET applications can run on IIS 8.0 using either .NET Framework 3.5, or .NET Framework 4.5. IIS 8.0 hosts versions of the .NET Framework in different application pools, thus allowing multiple ASP.NET applications with different .NET Framework versions to run simultaneously on Windows Server 2012.

7. Web Sockets

Allows you to build more interactive and powerful web applications because of a continuous and bidirectional communication between the web browser and the web server. Web Sockets require Windows Server 2012 or higher versions.

8. Dynamic IP Restriction (DIPR)

With DIPR we can Customize IIS reply like Unauthorized (HTTP 401), Forbidden (HTTP 403), Not Found (HTTP 404), or Abort (IIS terminates the HTTP connection). Also we can allow or deny specific IP address or a range of IP addresses, even if they violate a dynamic restriction setting. We can block dynamic IPs based on the number of concurrent requests or the number of requests over a period of time.Finally it is a very useful feature for web servers behind firewall, because of the proxy mode property that enables IIS to cross checks the values in the X-Forwarded-For HTTP header. So it can verify the IP address of the client who initially made the request.

9. Multicore Scaling on NUMA hardware

Internet Information Services (IIS) on Windows Server 2012 supports Multicore Scalling on NUMA hardware and provides the optimal configuration for the IT administrators. Following options describes the different configuration options to achieve the best performance with IIS 8.0 on NUMA hardware.IIS supports following two ways of partitioning the workload:

• Run multiple worker processes in one application pool: If you are using this mode, by default, the application pool is configured to run one worker process. For maximum performance, you should consider running the same number of worker processes as there are NUMA nodes, so that there is 1:1 affinity between the worker processes and NUMA nodes. This can be done by setting "Maximum Worker Processes" AppPool setting to 0. Due to this setting, IIS determines how many NUMA nodes are available on the hardware and starts the same number of worker processes.
• Run multiple applications pools in single workload/site: In this configuration, the workload/site is divided into multiple application pools. For example, the site may contain several applications that are configured to run in separate application pools. Effectively, this configuration results in running multiple IIS worker processes for the workload/site and IIS intelligently distributes the processes for maximum performance.