For production environments, obtain a domain certificate from a trusted certificate authority. Import the certificate to the trusted root certificate store of all machines on which you intend to install the Website Component and Manager Service (the IIS machines) during the IaaS installation.
On Windows 2012 machines, you must disable TLS 1.2 for certificates that use SHA512. For more information about disabling TLS 1.2, see Microsoft Knowledge Base article 245030.
- Obtain a certificate from a trusted certificate authority.
- Open the Internet Information Services (IIS) Manager.
- Double-click Server Certificates from Features View.
- Click Import in the Actions pane.
- Enter a file name in the Certificate file text box, or click the browse button (…), to navigate to the name of a file where the exported certificate is stored.
- Enter a password in the Password text box if the certificate was exported with a password.
- Select Mark this key as exportable.
- Click OK.
- Click on the imported certificate and select View.
- Verify that the certificate and its chain are trusted.
If the certificate is untrusted, you see the message "This CA root certificate is not trusted."
Note: You must resolve the trust issue before proceeding with the installation. If you continue, your deployment fails.
- Restart IIS or open an elevated command prompt window and type iisreset.
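The import and trust check above can also be scripted so that an untrusted chain stops the process before the IaaS installation starts. The following PowerShell is an added example, not part of the product documentation; the `$PfxPath` parameter is a placeholder, and it assumes the certificate belongs in the `LocalMachine\My` store, which is where the IIS Manager import places it.

```powershell
# Added example. Run from an elevated PowerShell session on each IIS machine.
param(
    [Parameter(Mandatory = $true)]
    [string]$PfxPath    # placeholder: path to the exported certificate file
)

$ErrorActionPreference = 'Stop'

# Prompt for the PFX password so it never appears in the script or shell history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Equivalent of Server Certificates > Import with "Mark this key as exportable".
$cert = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -Password $pfxPassword -Exportable

if (-not $cert.HasPrivateKey) {
    throw "Imported certificate $($cert.Thumbprint) has no private key; IIS cannot use it."
}

# Build the chain in machine context, the context the IIS services run in.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$trusted = $chain.Build($cert)

# Print every element so a missing intermediate or root is easy to spot.
foreach ($element in $chain.ChainElements) {
    '{0}  (expires {1:yyyy-MM-dd})' -f $element.Certificate.Subject, $element.Certificate.NotAfter
}

# The page requires extra TLS configuration on Windows 2012 for SHA512 certificates.
if ($cert.SignatureAlgorithm.FriendlyName -match 'sha512') {
    Write-Warning 'Certificate is signed with SHA512; see the TLS 1.2 note for Windows 2012.'
}

if (-not $trusted) {
    # UntrustedRoot here corresponds to "This CA root certificate is not trusted".
    $chain.ChainStatus | ForEach-Object {
        Write-Warning ('{0}: {1}' -f $_.Status, $_.StatusInformation.Trim())
    }
    throw 'Certificate chain is not trusted. Resolve this before installing IaaS.'
}

Write-Output "Chain trusted for $($cert.Subject). Restarting IIS."
iisreset
```

With revocation checking set to `Online`, a machine that cannot reach the CA's CRL or OCSP endpoint reports a revocation status failure even when the root is trusted, so read the printed status before concluding that the root is missing.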