How to Obtain and Configure a Free SSL Certificate for a Mini Program (IIS)

The author, a senior architect, shares a step‑by‑step process for enabling HTTPS on a mini‑program that requires a valid SSL certificate.

Step 1 – Apply for an SSL certificate : Use a free service such as https://freessl.cn/ to request a certificate. Choose the offline generation option, which requires domain verification via a client tool; Alibaba Cloud’s one‑click generation is not supported for mini‑programs.

Step 2 – Export the certificate : After verification, the service downloads a ZIP package containing the certificate files. The author demonstrates the export process with several screenshots and notes that the downloaded package is a PFX file suitable for Windows/IIS.

Step 3 – Configure IIS : Open the IIS management console (not the Tomcat folder) and import the PFX file. The server configuration should include the following settings:

server:
  port: 443
  ssl:
    key-store: classpath:aaaaa.pfx
    key-store-password: yourpassword
    keyStoreType: PKCS12

The password is the one set during the export step; any matching password works. Ensure the filename matches the configuration reference.

Additional notes: If the web‑based verification hangs, switch to the one‑click option and select “I am not an Alibaba Cloud user” to use the client‑based verification, which resolves the issue quickly. The author also invites readers to discuss and share their own experiences.