(only 5 minutes)
 

Standard SSL Certificates for Intranets (Windows/IIS Guide) Full browser trust for a single internal hostname

A standard SSL certificate is the simplest way to secure a single internal hostname with HTTPS. Unlike self-signed certificates, it's issued by a trusted certificate authority (CA) and won't trigger browser warnings. This guide shows you how to purchase, validate, and install one in IIS.

Standard SSL certificates are the simplest way to secure a single internal hostname, and they're essential for meeting compliance and audit-ready requirements for banks and credit unions. Need to cover multiple hostnames or find a free option? See our guides on wildcard SSL and self-signed certificates.

What You'll Need

  • An internal hostname using a standard TLD (e.g., intranet.example.com)
  • Access to your domain's DNS records for validation
  • Admin access to your intranet server (Windows + IIS)

Step-by-Step: Installing in IIS

First you'll need to choose a Certificate Authority (CA) - select a trusted CA like DigiCert, Sectigo, or GoDaddy. Confirm they support internal domains if your hostname isn't public.

  1. Open IIS (Internet Information Services) on your server.
  2. Navigate to Server Certificates

    In the left pane, expand the SERVERNAME, and then 'Sites'. Click the affected site, then - in the middle pane - doubleclick the 'Server Certificates' icon.

  3. Generate a Certificate Signing Request (CSR)
    In the right pane, click 'Create Certificate Request...'; this will display a form that needs to be filled out completely.

    ⚠ The Common Name must match the exact hostname users will type (e.g., intranet.simplifyit.com). If it doesn't, browsers will display a certificate mismatch error and you'll have to redo the process.

    Click the 'Next' button, and save the resulting string in Notepad (or similar). You'll need it later.

  4. Submit the CSR

    Your certificate authority will provide instructions - but this step is often misunderstood. You'll use the string generated earlier to generate the certificate that will be downloaded. With GoDaddy, for instance, it's just a textbox that you paste into.

  5. Validate Ownership

    If your registrar and SSL provider is one in the same, then you likely won't have to validate ownership of the domain. But if you, just following the instructions (either a DNS record, or a simple txt file pasted in the root of the external domain site).

  6. Download Your Certificate Files

    Once issued, follow instructions from your CA to download the certificate file (often a zip that includes a .crt or .p7b file).

  7. Install the SSL Certificate in IIS
    • Back in IIS on the server - click the 'Complete Certificate Request...' in the far right Actions pane. select the certificate file.
    • File Name: Click ... and browse to the .crt or .cer file you extracted from the ZIP.
    • Friendly Name: Enter a name that will help you recognize this certificate later (e.g., 'Intranet SSL - Exp [Date]').
    • Certificate Store: Typically, the default store (Personal) is used.
    • Click OK to install the certificate.
  8. Bind the Certificate to HTTPS
    • In the far right Actions page, click 'Bindings...'
    • Click the 'Add...' button.
    • For type, select 'https'; the port should change to 443 (the default).
    • In the 'Host name' field, enter the same value as the Common Name from above (for example, intranet.simplifyit.com).
    • If the name of the internal server doesn't match the cert's url, for instance - server name is serverint-01, but the FQDN is intranet.simplifyit.com - then you'll need to add a DNS record to match (just the FQDN and the IP of this server).
    • In the 'SSL Certificate' dropdown, select the SSL certificate you just created.
    • There's a checkbox for 'Require Server Name Identification'; check that box if you have multiple sites and multiple SSL certificates.
  9. Redirect HTTP to HTTPS

    Use IIS URL Rewrite to force all users onto HTTPS (see sample rules below).

Redirect HTTP to HTTPS (IIS / web.config)

To enforce HTTPS, add this rewrite rule to your web.config:

<rewrite>
  <rules>
    <rule name="Redirect to HTTPS" enabled="true" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>

Pros and Cons of Standard SSL

  • Pros: Full browser trust, simple for single-host intranets
  • Cons: Only covers one hostname; internal-only names may not qualify

Common Questions

What is a standard SSL certificate?
A standard SSL certificate (sometimes called single-domain) is issued by a trusted public certificate authority for one specific hostname, such as intranet.example.com. It provides full browser trust without warnings.
Can I use a standard SSL certificate for internal hostnames?
Yes, but only if the hostname uses a standard domain (like .com or .net). Internal-only names such as intranet.local usually can't be validated by public certificate authorities.
What's the difference between standard and wildcard SSL?
A standard SSL certificate only covers a single hostname (e.g., intranet.example.com). A wildcard SSL covers all subdomains (e.g., *.example.com). If you only need one internal URL, a standard cert is cheaper.
How do I validate ownership for internal domains?
Most certificate authorities require you to add a DNS record or respond to an email at the domain. If the domain is not public, you may need to complete additional validation steps.
Can I install a standard SSL certificate in IIS?
Yes. Once you purchase the certificate and complete validation, you can use the 'Complete Certificate Request' option in IIS Manager to install it.
Do I need to distribute any root certificates?
Not usually. Since standard SSL certificates are issued by public certificate authorities, browsers and operating systems already trust the root and intermediate certificates.
When should I use a wildcard or internal CA instead?
If you have multiple internal hostnames, need centralized revocation, or your intranet domain isn't publicly resolvable, a wildcard certificate or internal certificate authority is the better option.

Related Links

 
 

45 Minutes for an Answer? How Slow Knowledge Access Hurts Customer and Member Service

Published July 30, 2025

Your frontline staff can't deliver great customer or member service if they can't find answers quickly. Learn how instant intranet search helps banks and credit unions avoid frustrating delays and stand out with faster, more accurate service.

Document Management for Banks: Get Control of Your Content Before Auditors Do

Published July 29, 2025

Shared drives and email chains aren't enough. See how banks and credit unions can centralize, control, and maintain documents using a modern intranet-driven document management approach.

Why Bank Employee Onboarding Fails Without Automation

Published July 28, 2025

Manual onboarding creates compliance gaps and delays. Learn why banks need automated onboarding to keep IT, HR, and compliance aligned from day one.

Popular Pages
 
SharePoint AlternativeForm BuilderBank IntranetsCredit Union IntranetsBank Help DeskDocument RepositoryU.S. Based Banking IntranetData-Secure Intranet for Banks & Credit Unions
 
✦ trusted in banking since 2004 ✦