How to Install an SSL/TLS Certificate In Microsoft IIS 7

The following instructions will guide you through the SSL installation process on Microsoft IIS 7. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below.

What You’ll Need

1. Your server certificate

This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.

2. Your intermediate certificates

These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate.

3. Your private key

This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.

Installation Instructions

1. Launch IIS Manager

Click Start, Control Panel, Administrative Tools, and then select Internet Information Services (IIS) Manager.

2. Select your server name

In the left Connections menu, select the server name (host) where you want to install the certificate.

3. Navigate to the Security section

In the center menu, click the Server Certificates icon under the Security section near the bottom.

4. Click Complete Certificate Request

In the right Actions menu, click Complete Certificate Request.

5. Browse to your Server Certificate

In the Complete Certificate Request wizard, click “” to browse and select Your Server Certificate file that was previously saved on your server’s desktop.

6. Name your certificate

Enter a Friendly Name which is an internal reference name to distinguish the file later. We recommend including the CAs name and expiration date.

7. Click OK

Click OK and the newly installed certificate should appear in the refreshed Server Certificate List.

Note: If you receive an error during this step, please reference the “Known Error Messages in IIS 7” section below.

Binding Your Certificate to Your Website

Now, proceed with the remaining steps which will help you assign or bind the SSL certificate to the appropriate website.

1. Access your Sites folder

From the left Connections menu, expand your server’s name, expand the Sites folder, and then select the site (e.g. Default Web Site) that you want to secure.

2. Click Bindings…

In the right Actions menu, click Bindings…

3. Click Add

In Site Bindings…, click Add.

Note: If you already have the appropriate site binding created, click “Edit” and change the SSL Certificate accordingly.

4. Input the following

In Add Site Bindings, enter the following information:

  1. Type – Select “https”.
  2. IP Address – Select “All unassigned”. Now, if you have multiple IP addresses, select the correct one that applies.
  3. Port – Enter “443” unless you are listening to SSL traffic on another port (e.g. 992).
  4. SSL Certificates – Select the “friendly name” of the SSL certificate you just installed.  You can always click “View” to confirm the certificates validity details.

5. Click Ok

Click Ok to finish binding the SSL certificate to your live website.

Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.

To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance.

Known Error Messages in IIS 7

Microsoft IIS 7 is known to generate one of the two error messages: “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created.” And “ASN1 bad tag value met.”

If you are certain this is the same server where you generated the CSR, then the error may be meaningless and the certificate may have correctly installed. To test this, close the dialog and click “F5” to refresh the list of server certificates. The new certificate should now be in the list, and you can continue with the next step.

However, if the newly installed certificate does not appear in the server certificate list, we recommend you re-issue the certificate with a new CSR and attempt the installation process again. Here are some instructions to guide you through the reissuance process:

1. Generate a new CSR

Generate a new Certificate Signing Request (CSR) in Microsoft IIS 7.

2. Access your Account Control Panel

Log in to your Account Control Panel.

3. Select your Active Certificate

Select your Active Certificate.

4. Click Re-Issue Certificate

Click the Re-Issue Certificate button.

5. Paste your new CSR

Paste in your new CSR.

6. Complete Domain Validation

Submit and complete domain validation again (if required).

7. Save the new certificate

Save the newly issued SSL certificate on your server’s desktop.

8. Repeat the Installation Instructions

Repeat the SSL installation process referencing the above instructions.

Manual Intermediate Installation Instructions

If the intermediate certificates did not successfully install and configure themselves accordingly, please reference the instructions below on how to manually install them in Microsoft IIS 7.

1. Open your Intermediate Certificate

Double-click the previously saved Intermediate Certificate from your server’s desktop and click Open.

2. Click Install Certificate…

In the Certificate, under the General tab, click Install Certificate… to start the importation process and then click Next.

3. Select Place all certificates in the following store

Select Place all certificates in the following store and click Browse.

4. Check Show physical stores

Check the Show physical stores box.

5. Expand Intermediate Certification Authorities

Expand the Intermediate Certification Authorities folder.

6. Select Local Computer

Select Local Computer, click OK, then Finish.

7. Restart your server

Restart your Microsoft IIS server.

Was this article helpful?

Related Articles