Here, we have assumed that you have a Windows VPS and want to install Cloudflare SSL on it.
To install Cloudflare SSL Certificate on the domain or website, first, you need to generate a CSR key from the VPS. Below are the steps to generate a CSR key from the Windows VPS.
Create a Certificate Request from your Windows Server
Step 1: Open Internet Information Services (IIS) Manager from the VPS through Control Panel -> Administrative Tools.
Step 2: Select your server from the Connections and open Server Certificates
Step 3: From the Server, Certificates Actions, select Create Certificate Request
Step 4: Fill in the following form with your details:
Common name: [Enter the domain name on which you want to install the SSL Certificate]
Step 5: Set the settings for the Cryptographic service provider of the certificate; the bigger the length of the certificate, the better the security, but it makes the server slower.
Step 6: Specify the filename of the text file where you will save the certificate request.
Create the certificate from Cloudflare using the certificate request that you created from your Windows Server
- Open your Cloudflare account.
- Select your domain.
- Open the SSL/TLS tab and click on Origin Server to create the certificate.
Step 2: Select the option ‘I have my private key and CSR’ where you will Copy-Paste the certificate you saved on the txt file from your Windows Server, fill in the hostnames, select the expiration years, and press Next.
Step 3: Copy-Paste in PEM key format the certificate in a text file and save the file.
Add the public certificate from Cloudflare to your Windows Server.
Step 1: Copy the file with the PEM certificate from Cloudflare to your Windows Server.
Step 2: Select ‘Complete Certificate Request’ from the IIS Manager Server Certificates Actions.
Step 3: Select the PEM certificate you copied at the server and add a friendly name (e.g., the domain it covers and its expiration date of it):
Step 4: The certificate will appear on the list of the Server Certificates with the Friendly name you added to the form before.
Import Cloudflare Origin CA root certificate at your Windows server
Step 1: Copy the Cloudflare Origin CA — RSA Root certificate from the Cloudflare website, save to a file and transfer it to your Windows Server.
Step 2: Open the Certificates Microsoft Management Console (MMC) snap-in by typing mmc.exe at the command prompt (or at the run dialog that you can open by pressing the buttons Win+R).
Step 3: On the File menu, select Add/Remove Snap-in
Step 4: In the Add or Remove Snap-ins dialog box, select Certificates snap-in in the Available snap-ins list, click Add, and then select OK
Step 5: In the Certificates snap-in dialog box, select Computer account, and then select Next
Step 6: In the Select Computer dialog box, click on Finish
Step 7: Select OK in the Add or Remove Snap-ins dialog box.
Step 8: In the Certificates MMC snap-in, expand Certificates, right-click Intermediate Certification Authorities, point to All Tasks, and select Import.
Step 9: In the Certificate Import Wizard, select Next.
Step 10: In the File to Import page, select the file with the Cloudflare origin CA root certificate you saved before, and then select Next.
Step 11: Select Next at the Certificate Import Wizard.
Step 12: Select Finish at the Certificate Import Wizard.
Step 13: The certificate will appear in the Certificates list.
Use the newly created server origin certificate from Cloudflare for your website.
Step 1: Select Bindings from the IIS Manager Web Site Actions.
Step 2: Select the HTTPS binding and click Edit. Suppose you do not have an HTTPS binding, press Add... to create one like on the second screen.
Step 3: Select the new certificate at the SSL certificate dropdown list and press OK.
Force your website domain to pass through Cloudflare
Step 1: Open your Cloudflare account, select your domain, go to the DNS option and change the Proxy status for your website from DNS only to Proxied by clicking it.
Step 2: Enable Cloudflare full (strict) SSL TLS encryption mode in the SSL/TLS tab.