I have two AD servers in a domain, both running Windows Server 2019, the second is a Core server configured as a RODC.
I have the main server working as a Certification Authority, where I'm supposed to issue the certificates for the internal websites that are running on the Core server.
I need to enable SSL on the websites that are running on the Core server, but using the certificates generated on the main server, so far I haven't found a way to do that.
The closest I got was through the "Certificates" MMC snap-in, but when I try to import the .pfx file I get the notification that importing a .pfx file to a remote certificate store is not supported.
How can I assign these certificates, that are issued and located in the main server, to the websites running on IIS in the Core server?
SSL Certificate – Transfer SSL Certificate from Windows Domain Controller CA to IIS
certificate-authorityiis-10ssl-certificatewindows-server-2019windows-server-core
Related Topic
- Domain Controller promotion and certificate autoenrollment
- How to install (update) SSL certificate for a website in Windows NLB cluster
- Iis – The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) Firefox
- IIS not sending intermediate SSL certificate
Best Answer
You can install the PFX on Server Core installation using
certutil.execommand-line tool:provide a password for PFX when prompted. Then you can connect remotely to IIS server using IIS Management Console and create HTTPS binding for website.