How to Install a Wildcard SSL Certificate for Your Internal Intranet

Wildcard SSL certificates can be used to secure multiple subdomains - including internal services like your intranet. Here's how to install one for internal use.

Option 1: You Already Have the Wildcard Certificate

If your organization already uses a wildcard SSL certificate on another server (e.g. for your public website), you can export it and reuse it internally:

  1. On the existing server, open mmc.exe and add the Certificates snap-in for the Computer account
  2. Find the certificate under Personal > Certificates
  3. Right-click → All Tasks → Export
  4. Choose Yes, export the private key, select .pfx format, and add a password
  5. Transfer the .pfx file to your intranet server
  6. In IIS Manager on the intranet server, go to Server Certificates → Import
  7. Select the .pfx file and enter the password
  8. Bind the certificate to your site under Bindings
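
Steps 6 to 8 can also be scripted on the intranet server. The PowerShell below is an added example, not part of the original article: the .pfx path, site name and host name are placeholder assumptions, and it assumes IIS 8 or later with no HTTPS binding for that host yet. It leaves the private key non-exportable on the new server, checks that the certificate actually covers the host name, and deletes the transfer copy of the .pfx.

```powershell
#Requires -RunAsAdministrator
# Added example; $PfxPath, $SiteName and $HostName are placeholder assumptions.
param(
    [string]$PfxPath  = 'C:\Temp\wildcard.pfx',
    [string]$SiteName = 'Intranet',
    [string]$HostName = 'intranet.example.com'
)
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

# Prompt for the .pfx password so it never lands in the script or shell history.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Import into the computer's Personal store. -Exportable is deliberately omitted,
# so the private key cannot be exported again from this server.
$imported = Import-PfxCertificate -FilePath $PfxPath -Password $password `
    -CertStoreLocation 'Cert:\LocalMachine\My'
$cert = Get-Item "Cert:\LocalMachine\My\$($imported.Thumbprint)"

# Refuse to bind a certificate that cannot serve TLS on this host.
if (-not $cert.HasPrivateKey) { throw 'Imported certificate has no private key.' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# A wildcard matches exactly one label: *.example.com covers intranet.example.com
# but not a.b.example.com. Compare the host name with the certificate's DNS names.
$parent  = ($HostName -split '\.', 2)[1]
$covered = $cert.DnsNameList.Unicode | Where-Object {
    $_ -eq $HostName -or ($_.StartsWith('*.') -and $_.Substring(2) -eq $parent)
}
if (-not $covered) { throw "$HostName is not covered by $($cert.Subject)." }

# Create the HTTPS binding (SslFlags 1 = SNI) and attach the certificate to it.
New-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName -SslFlags 1
$binding = Get-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# The .pfx still contains the private key; remove the transfer copy once imported.
Remove-Item -Path $PfxPath -Force
Write-Output "Bound $($cert.Thumbprint) to https://$HostName on site '$SiteName'."
```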

Option 2: Generate a Certificate Signing Request (CSR)

If you want to request the wildcard certificate directly from this server, follow these steps:

  • Open IIS Manager → click your server → Server Certificates
  • Click Create Certificate Request
  • Use *.yourdomain.local as the common name (if that matches your internal structure)
  • Fill out the organizational details and click Next
  • Choose Microsoft RSA SChannel, 2048-bit
  • Save the request and submit it to your certificate authority (CA)
  • After approval, return to Server Certificates and click Complete Certificate Request
  • Bind the new certificate to your intranet site in Bindings

Redirect HTTP to HTTPS (IIS / web.config)

After setting up your SSL certificate, you'll want to make sure all users are redirected to the secure HTTPS version of your intranet. You can do this using IIS URL Rewrite rules.

Step-by-Step:

  1. Make sure the URL Rewrite Module is installed on your IIS server.
  2. Open or edit your site's web.config file.
  3. Inside the <system.webServer> section, add the following:
<rewrite>
  <rules>
    <rule name="Redirect to HTTPS" enabled="true" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>

Once saved, all HTTP requests will automatically redirect to HTTPS.

Common Questions

What is a wildcard SSL certificate?
A wildcard SSL certificate allows you to secure all subdomains under a single domain. For example, a certificate for *.example.com will cover intranet.example.com, mail.example.com, and so on.

Can I reuse a wildcard certificate from another server?
Yes. You can export the certificate with its private key from the original server (in .pfx format) and import it into your intranet server using IIS.

What's the difference between a wildcard and a SAN certificate?
A wildcard certificate secures all subdomains under a single domain, while a SAN (Subject Alternative Name) certificate explicitly lists each domain or subdomain to secure.

Do I need a public wildcard certificate for internal use?
Not necessarily. For purely internal use, you can issue your own certificate through an internal CA. However, using a publicly trusted wildcard certificate helps avoid browser trust issues.

How do I redirect HTTP to HTTPS on my intranet?
Use the IIS URL Rewrite Module and add a redirect rule in your web.config file to ensure all traffic is forced over HTTPS.
