How to Install a TLS/SSL Certificate In Microsoft IIS 10

The following instructions will guide you through the SSL installation process on Microsoft IIS 10. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our IIS 10 CSR Generation Instructions and disregard the steps below.

What You’ll Need

1. Your server certificate

This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.

2. Your intermediate certificates

These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate.

3. Your private key

This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.

Installation Instructions

1. Access Server in IIS

Launch IIS Manager and click the server name in the Connections menu on the left.

2. Open Server Certificates Manager

On the Home page for the server, locate the IIS section in the center window and double-click Server Certificates. The Server Certificates control panel will open in the center window.

3. Open Complete Certificate Request Wizard

On the Actions menu on the right, click Complete Certificate Request… The Complete Certificate Request wizard will open in a new window.

4. Specify Certificate Authority Response

  1. Click the  button to locate your certificate on your PC and add it into IIS.
  2. The Friendly Name should be something that helps you easily identify the certificate, such as the domain name, certificate authority, and expiration date, i.e. “ Sectigo 12/25/2020”
  3. Finally, select Web Hosting as the certificate store and click OK to import your certificate.

5. Set Certificate Bindings

  1. Return to the server home page in IIS. In the left-side Connections menu, expand Sites and then click on the site that needs the SSL installed.
  2. On the Home page for the website, in the right-side Actions menu, locate Edit Site and click Bindings… The Site Bindings window will open.
  3. If you are installing an SSL certificate for the first time, click Add to create a new binding. If you are replacing an old certificate, click the existing binding and then click Edit.
  4. In the Add Site Bindings window, select the following:

Type: https

IP Address: Select your site’s IP Address or All Unassigned.

Port: 443

Host Name: Not required for single name certificate installation.

If you are installing more than one certificate, or installing the certificate on more than one website, enter the host name (domain) that you want to secure and check the box to Require Server Name Indication.

SSL Certificate: Select your site’s certificate from the drop-down menu.

When all settings are configured, click OK.

Your certificate should now be installed. You can navigate to your site in a web browser to check for the padlock, or use an online SSL Checker tool to verify the installation.

Was this article helpful?

Related Articles