Install Godaddy SSL Certificate on AWS EC2 IIS


This helps with setting up https on IIS webserver hosting on an AWS EC2 windows instance. AWS EC2 gives you more flexiblity, but need more work.

You can buy SSL certificates from different vendors. AWS provides free SSL certificates if you're living in some areas in US, otherwise is 75 cents per month. But to be able to use AWS SSL, you need to setup Load Balancing or Cloud Font, which could cost monthly. I prefer to get a Godaddy "Standard SSL", which is 99 cents per month for the first year.

Since your SSL certificate is from Godaddy and IIS hosting is from Amazon, getting support becomes harder. The following steps will help.

  1. Google it online to find 99 cents per month Godaddy SSL certificate and add to your shopping card and check out.

  2. Do the SSL inital setup in your Godaddy account, it will give your CSR and Private Key files.

  3. You need to wait for an email from Godaddy that tells you the SSL certificate is ready to download. There's an instruction of install certificate, but you'll see one step in it is not working for the standard certificate.

  4. Download the zip file of the certificate, it includes a .crt file (certificate) and a .p6b file (Intermediate Certification Authority). Copy both files to your EC2 instance.

  5. Login to EC2 (You need to enable RDP in your security group for your EC2 instance). Then following the instructions in the Godaddy email to proceed step 6, 7 and 8

  6. Run "mmc" from command line, add "Certificates" snap-in, choose "Computer Account". Select Certificates->Intermediate Certification Authorities->All Tasks->Import->Select the .p7B file. (See the image below)

  7. Open IIS Information Service Manager, click the server name, double click "Server Certificates", click "Complete Certificate Request", choose the .crt file. Name the certificate as your domain name.

  8. Click the site name, add HTTPS binding, select the certificate added in step 7.

    The problem is this step. Many people complain that the certificate disappeared after they add the binding. Because this step is not working for standard certifcate. You need the next step to create .pfx file yourself.

  9. Please download OpenSSL (https://slproweb.com/products/Win32OpenSSL.html). Use the following command go generate .pfx file from your .crt file (from step 4) and private key (from step 2).

    openssl pkcs12 -export -out your.domain.pfx -inkey your.domain.key -in your.domain.crt

  10. Import the .pfx file generated in IIS, and add HTTPS binding that the new certificate.



    After this step is done, when you access your website, even without typing "https", the url shows "https" after the page is displayed.

  11. Display your SSL Certificate security seal

    Your SSL certificate provider will give you some options to download an SSL certificate seal. This is a piece of html code to put in the footer of your page, it will shows a small logo on your page. It's a good idea to check the terms of different options. For example, Godday provides its own seals and McAfee seals. They're both free, but McAfee ones has a limit of monthly requests.