oSoftware

To begin with, this probably works on earlier versions of IIS and Windows Server but this was the environment I used on the day I finally accomplished what seemed to be an impossible/costly task.

Let me remind you that you should probably just buy an SSL cert for your business ventures from Comodo for example. I used them in the past and the setup was a breeze. However, if you are developing an idea / you are a start up / you are just plain tight with cash then this post should help you.

Go to https://www.sslforfree.com

Enter domain(s) to be secured here.

You can enter [space] separated domains so it may be a good idea to think of all your sub domains and do them in one order.

Click “Create Free SSL Certificate”

In the next frame, click “Manual Verification”. You can use the other two options as well but I am not covering those in this post.

Then click the smaller Manual verification button (green below)

Download all the verification files highlighted in red.

In reality, your sub domains could be targeting different sub directories on your web server but I found it easier to initially point all my domains to the same site.

This helps because you can drop all the files you downloaded above into the same directory just for verification purposes.

In my example, I dropped them all into C:\inetpub\wwwroot.well-known\acme-challenge

To make it easy for you, clone this repo https://github.com/ozzy432836/Free-SSL-Windows-IIS into C:\inetpub\wwwroot

Note the web.config included has been setup to allow the reading of static content.

Copy the downloaded verification files into your newly created directory  C:\inetpub\wwwroot.well-known\acme-challenge

You should test that you can access the files via your browser by clicking the links provided by the SSL For Free site (second box highlighted in red below).

Assuming you can successfully navigate to those links in your browser, scroll further down and click “Download SSL Certificate”

The download will fail if you were not able to navigate to the test links in your browser.

You should have a downloaded zipped folder at this stage. Unzip it and you should find 3 files inside.

certificate.crt

ca_bundle.crt

private.key

This is the bit where I am hacking two SSL Free tools together.

Included in your download is a StartComTool.exe. If you don’t trust my downloaded file then grab it from here https://www.startssl.com/Account but you have to create an account and sign up first. It is another free SSL service but I could not get theirs working.

Using the StartCom Tool, you will be able to generate a .pfx file.

Run the .exe and click “Certificate”

Browse for your cerificate.crt and your private.key files

Select export PFX

Click submit

Another file should have appeared in your downloaded cert files folder. It should end with .pfx.

Now all you have to do is import this file into IIS.

You can achieve this by going to your root server (1) in IIS and then clicking on “Server Certificates”.

In the next screen, click “Import” (2) and then browse for the .pfx file you just generated (3). Leave the password blank, choose “Personal” for the Certificate store, tick the check box and select OK.