Configure SSL for the Default Web Site on the Keyfactor Command Server

Once you have acquired an SSLClosed TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. certificate for Keyfactor Command and installed IIS, you can open the IIS Management Console and associate the certificate with the Default Web Site. You can do this either before or after installing Keyfactor Command.

To import your SSL certificate and associate it with the Default Web Site:

  1. Open the IIS Manager MMC snap-in.
  2. Navigate to the connection for the current host. (The top level in IIS.)
  3. On the current host Home page, open (double-click) Server Certificates. If your SSL certificate already appears in this list, you can skip steps 4-7.
  4. On the Server Certificates page, select Import… under Actions.
  5. In the Certificate file (.pfx) field, choose the browse option and navigate to the .pfx or .p12 file containing your certificate.
  6. Enter the password for your certificate, select the Personal Certificate Store, check the Allow this certificate to be exported box if desired, and click OK.
  7. Your certificate should now appear in the list of Server Certificates. Confirm that the Issued To column shows your certificate name correctly (e.g. keyfactor.keyexample.com).
  8. Navigate to the Default Web Site and on the Default Web Site Home page, select Bindings… under Actions.
  9. In the Site Bindings dialog, highlight the https entry if it exists and choose Edit. If an https entry does not exist, click Add.
  10. In the Edit Site Bindings dialog, select https in the Type dropdown (this will already be selected and grayed out if you selected Edit in the previous step), select the certificate you just imported in the SSL certificate dropdown box, and click OK.

Note that these instructions assume that your SSL certificate has been provided in PKCS12 format file. If you are requesting a certificate directly from an on-premise CAClosed A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. through IIS or are generating a CSRClosed A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. through this IIS installation to submit to a CA, the configuration steps will be different.