
How to install an SSL Certificate in IIS?

Thursday, January 10th, 2019

This guide will show you how to install an SSL Certificate on a Microsoft IIS server. Before installing the certificate, you need to generate a CSR (Certificate Signing Request) for IIS, which we also cover in great detail. By the end of this guide, you’ll have a perfectly running SSL installation. You will also learn a few interesting facts about the timeline of the IIS server and all its versions. Finally, we’ll give you a few tips on where to buy and how to find the perfect SSL certificate for a Microsoft IIS server.

Click the links to jump to your version of IIS server or to other parts of our comprehensive guide.

How to generate a CSR code in Microsoft IIS 5 & 6?
How to generate a CSR code in Microsoft IIS 7?
How to generate a CSR code in Microsoft IIS 8 & 8.5?
How to generate a CSR code in Microsoft IIS 10?
Install an SSL Certificate in IIS 5 & 6
Install an SSL Certificate in IIS 7
Install an SSL Certificate in IIS 8 & 8.5
Install an SSL Certificate in IIS 10
How to add root and intermediate certificates via MMC?
Test the SSL installation
Microsoft IIS server history and versions
Where to buy an SSL Certificate for Microsoft IIS Server?

Your first step is to generate a CSR code for the IIS server. Follow the steps below exactly as outlined. Make sure you’re logged in as Administrator on the local computer or have the permissions to perform this task.

How to generate a CSR code in Microsoft IIS 5 & 6?

  1. Click the Start menu. From the Control Panel select Administrative Tools and open the Internet Information Services
  2. In the right side menu, right-click on Default Website then select Properties
  3. In the Default Web Site Properties window select the Directory Security Tab and click Server Certificate
  4. In the following IIS Certificate Wizard select the first option Create a new certificate and hit Next
  5. Now, select Prepare the request now, but send it later and click Next
  6. In the next window, type a name for your certificate and select 2048 for the bit-length. Leave the other boxes unchecked and hit Next
  7. Enter the officially registered name of your company (for BV and EV certificates). If you bought a DV certificate, type N/A. Don’t leave this field blank. In the organizational unit box, select IT or Web. For DV Certificates, type N/A. Click Next
  8. Now, in the Common Name field, enter the FQDN (fully qualified domain name) for your website; e.g. www.ssldragon.com
  9. Fill in the Country/region, State/province and City/locality fields with the legal location of your company. Click Next
  10. Choose a file name and save location for your CSR (save it as a text file in the .txt format) and hit Next
  11. Double-check the information is correct and up-to-date. Click Next to generate the CSR file
  12. Open the generated CSR file with a text editor such as Notepad, then copy the whole text including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it during the order process with SSL Dragon
  13. After the Certificate Authority sends you the SSL Certificate, you can install it.

How to generate a CSR code in Microsoft IIS 7?

  1. Press Win+r, enter inetmgr in the “Open” box and then click ok. Alternatively, open the Start menu, browse to the Administrative Tools and select Internet Information Services (IIS) Manager
  2. On the left, you will see the server name. Click on it and then double-click the “Server Certificates” icon
  3. On the right side, inside Actions click the “Create Certificate Request” option to open the Request certificate wizard
  4. In the first window, titled Distinguished Name Properties, fill in the fields with relevant information:

    Note: Only alphanumerical characters are allowed for the CSR information. 

    • Common Name: Enter the FQDN (fully qualified domain name) you want to secure. For a Wildcard Certificate, add an asterisk in front of the domain name; e.g. *.ssldragon.com
    • Organization: Write your company’s officially registered name. This applies to BV and EV Certificates. If you bought a DV SSL, type NA instead
    • Organizational unit: Enter your department’s name. Usually, it’s “IT” or “Web”. Type NA in case of a DV certificate
    • City/locality: Add the city where your company is legally located. Repeat the same step for the State/province and Country/region fields
  5. Double-check all the information and click Next
  6. On the following Cryptographic Service Provider Properties window, in the drop-down lists choose Microsoft RSA SChannel Cryptographic Provider and for the Bit length select 2048-bit. Click Next
  7. On the next File Name window, under the Specify a file name for the certificate request, click the three-dotted button to provide a Save location and a file name for the CSR. Click Finish

    Note: The default save location for the CSR is C:\Windows\System32.

  8. Open the generated CSR file with a text editor of your choice (Notepad for example), then copy the whole text including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it during the order process with SSL Dragon
  9. Wait for the Certificate Authority to validate your request and issue the SSL Certificate. After you receive it, you can proceed with the installation.

How to generate a CSR code in Microsoft IIS 8 & 8.5?

  1. Press Win+r, then type inetmgr and click ok. Alternatively, open Internet Information Services (IIS) Manager from the Start menu
  2. In the Connections menu (left side) select the server and then, in Home menu open the Server Certificates icon
  3. In the Actions menu (right side), click on Create Certificate Request
  4. A new window (Distinguished Name Properties) will open. Here, you need to submit the required information. Please use only alphanumeric characters and follow the examples below:
    • Common Name: Enter the FQDN (fully qualified domain name) you want to secure. For a Wildcard Certificate, add an asterisk in front of the domain name; e.g. *.ssldragon.com
    • Organization: Type your company’s officially registered name (for BV and EV certificates). If you have a DV certificate, type NA
    • Organizational unit: Enter your department’s name. Usually, it’s “IT” or “Web”, and NA for DV SSL
    • City/locality: Add the city where your company is legally located. Repeat the same step for the State/province and Country/region fields
  5. Double-check the information and click Next
  6. The Cryptographic Service Provider Properties window will open. Select Microsoft RSA SChannel Cryptographic Provider for the first box, and 2048 for the bit length. Click Next
  7. In the File Name window, choose a file name and a save location for the CSR (the default save location is C:\Windows\System32) and press the Finish button
  8. Use a text editor such as Notepad to open the newly created CSR file. Copy the entire text including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into your order form
  9. Now, all you have to do is wait for the CA to validate your request. When you receive the certificate, you can continue with the installation.

How to generate a CSR code in Microsoft IIS 10?

  1. Press the Win+r hotkey and type inetmgr into the open field to launch the Internet Information Services (IIS) manager. You can also open it via the Windows Start menu, by typing “Internet Information Services (IIS) Manager”
  2. Next, click the server in the left Connections menu, and double-click the Server Certificates in the Home menu
  3. Now move your cursor to the right side of the window and, under the Actions, click Create Certificate Request
  4. A new window – Distinguished Name Properties – will pop up. Fill in all the fields (only alphanumerical characters are allowed) with relevant information as shown below:
    • Common Name: Enter the FQDN (fully qualified domain name). For a Wildcard Certificate, add an asterisk in front of the domain name; e.g. *.ssldragon.com
    • Organization: Enter the legal name of your organization (for BV and EV certificates). For DV certificates type NA
    • Organizational unit: Enter the department responsible for SSL Certificate installation. Usually, it’s IT or Web Security
    • City/locality: Add the city where your company is legally located. Repeat the same step for the State/province and Country/region fields
  5. Verify your information one more time and click Next
  6. The Cryptographic Service Provider Properties window will appear. Choose Microsoft RSA SChannel Cryptographic Provider for the first parameter, and set the bit length to 2048. Click Next
  7. In the final window, specify the file name and location for your CSR. Make sure it is in the .txt format and the save location already exists. The default directory for the CSR is C:\Windows\System32. Hit the Finish button
  8. With the help of a text editor such as Notepad, open the generated CSR file. Copy the entire text including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into your order form
  9. Once the Certificate Authority approves your request and signs the SSL Certificate, you can install it on the IIS server.
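
The wizard choices used in all four CSR procedures above (RSA 2048-bit, Microsoft RSA SChannel Cryptographic Provider, a machine-level key) can also be written as a certreq.exe request file, which makes the request repeatable and reviewable. This is an added example, not part of the original guide; the subject values and the C:\certs folder are placeholders.

```powershell
# Added example: scripted equivalent of the IIS "Create Certificate Request" wizard.
# Run in an elevated PowerShell session on the server that will host the site.
$outDir = 'C:\certs'                          # placeholder working folder
$inf    = Join-Path $outDir 'request.inf'
$csr    = Join-Path $outDir 'request.txt'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Single-quoted here-string so that $Windows NT$ is written literally.
@'
[Version]
Signature = "$Windows NT$"

[NewRequest]
; Placeholder subject: replace with your own FQDN and organization details.
Subject = "CN=www.example.com, O=Example Ltd, OU=IT, L=London, S=London, C=GB"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
; FALSE keeps the private key on this server; use TRUE only if the key
; must later be exported to another machine.
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
'@ | Set-Content -Path $inf -Encoding ASCII

# Generates the key pair and writes the CSR. The private key stays on this
# machine, attached to a pending entry in Cert:\LocalMachine\REQUEST.
certreq.exe -new $inf $csr
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed (exit code $LASTEXITCODE)" }

# Review the subject and key size before pasting the CSR into the order form.
certutil.exe -dump $csr | Select-String -Pattern 'Subject:', 'CN=', 'Public Key Length'
```

Only request.txt goes to the Certificate Authority; the pending request and its private key must remain on the server until the issued certificate is installed.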

Install an SSL Certificate in IIS 5 & 6

Once you’ve generated the CSR and received the SSL Certificate from the Certificate Authority, you can install it on your server:

  1. You will receive an archived zip folder from the Certificate Authority. Download and extract the your_domain_name.cer file on your server directory
  2. Click the Start button and go to Administrative Tools under All programs. Open the Internet Services Manager
  3. Right-click the website you want to secure (e.g. Default Web Site) and left-click on properties
  4. Select the Directory Security tab and click on Server Certificate
  5. In the IIS Certificate Wizard select the first option Process the pending request and install the certificate. Click Next
  6. Now, browse to the location of your SSL Certificate (.cer file) that you previously saved on your server’s directory. Click Next
  7. Double-check the summary screen and click Next
  8. Review the information once again then hit Next, and finally Finish
  9. Restart your server now
  10. Congratulations, you have successfully installed the SSL Certificate on the Microsoft IIS server!

Install an SSL Certificate in IIS 7

Now, you can install the SSL certificate on the same machine where you’ve generated it, using the IIS manager. Please, follow the steps below:

  1. Open and save the certificate (.cer) file that you received from the Certificate Authority on your server
  2. Press Win+r, type inetmgr and click OK to open the Internet Information Services Manager. You can also access it via Start menu > Administrative Tools > Internet Information Services (IIS) Manager
  3. Select the server in the left-side Connections menu and double-click the “Server Certificates” icon in the center menu
  4. On the right side, inside Actions click the “Complete Certificate Request” option to open the Complete certificate request wizard
  5. In the wizard, on the Specify Certificate Authority Response window, locate the .cer file you received from the Certificate Authority; e.g.: www_ssldragon_com.cer and give it a friendly, easy-to-remember name. The friendly name helps distinguish this particular certificate among the other certificates on the server. Tip: For easy identification specify the CA name and the expiration date on the end of your friendly name
  6. Click OK to install the certificate

    Note: If you receive either of the following errors when importing the certificate, don’t panic: “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created” or “ASN1 bad tag value met”. This is a known issue in IIS 7 where the actual certificate is imported but doesn’t have a friendly name. Thankfully, Microsoft provides an easy fix. Close the error window and press F5 to refresh the list of server certificates. Click this link and follow the instructions inside.

  7. Now, you have to assign your certificate to the default website. Go to the left-side Connections menu and click on your webserver
  8. Expand the Sites folder and select the website you want to secure with this certificate
  9. Next, move to the right-side Actions menu and click on the Bindings… option under the Edit Site
  10. In the new Site Bindings window, click Add
  11. In the Add Site Binding window, add the following details and click OK
    • Type – https
    • IP address – All Unassigned, or your IP address
    • Port – 443
    • SSL certificate – friendly name of the imported certificate
  12. Congratulations! You’ve finally installed the SSL Certificate on the Microsoft IIS 7 server.

Install an SSL Certificate in IIS 8 & 8.5

After the CA validates and issues the SSL Certificate, complete the following steps:

  1. Download and extract your SSL Certificate (.cer file) to your server directory
  2. Go to Start > Administrative Tools > Internet Information Services (IIS) Manager and open it
  3. Locate your server in the left side Connections menu and double-click the Server Certificates icon
  4. Now, in the right Actions pane click on Complete Certificate Request
  5. The Complete Certificate Request window will open. Indicate the path to your .cer certificate file and add a Friendly Name (here you can type your domain, or an easy-to-remember name to avoid confusion with other requests). From the drop-down list, select Personal as your certificate store and click OK
  6. Go back to the Connections section and click to expand the Sites folder. Select the website you want to secure
  7. Hover your mouse over the top-right Actions menu and select Bindings
  8. A new Site Bindings window will pop up. Click Add
  9. In the Add Site Binding window, select the following parameters
    • Type – https
    • IP address – All Unassigned, or your IP address
    • Port – 443
    • SSL certificate – friendly name of the imported certificate
      We recommend checking the Require Server Name Indication box as it allows multiple SSL installations on the same server. Click OK and Close.
  10. Under the Manage Website click Restart
  11. Congratulations, you’ve activated the HTTPS version for your website!

Install an SSL Certificate in IIS 10

This quick guide will show you how to install your SSL certificate in IIS 10.

  1. First, you need to download and extract the certificate file that you’ve received from the Certificate Authority. Look for the file with the .cer extension and save it to your server’s directory
  2. From your keyboard, press Win+r, type “inetmgr” and click OK to open the Internet Information Services (IIS) Manager. You can also launch the IIS manager via Start > Administrative Tools > Internet Information Services (IIS) Manager
  3. On the left, you will find the Connections section. Select the server and double-click the “Server Certificates” icon from the Home page
  4. On the right, locate the Actions section and select Complete Certificate Request
  5. Fill in the Specify Certificate Authority Response window as below:
    • File name containing the certification authority’s response – locate and indicate the .cer file that you received from the Certificate authority
    • Friendly Name – type your domain name, or any other easy-to-remember name
    • Select a certificate store for the new certificate – Personal. Click OK
  6. Now you have to assign your certificate to your website. Go back to the Connections menu and expand the Sites folder. Select the site you want to protect
  7. Next, locate and click the Bindings option. You’ll find it in the Actions section, under the Edit Site
  8. In the next window click Add
  9. Another window will appear. Here select the following options:
    • Type – https
    • IP address – All Unassigned, or your IP address
    • Port – 443
    • SSL certificate – friendly name of the imported certificate
      If you plan to add multiple SSL Certificates to the same server, check the Require Server Name Indication box. Click OK and Close.
  10. Click Restart under the Manage Website
  11. Well done! You’ve successfully installed the SSL Certificate on IIS 10 server.

Note: If your SSL Certificate file extension is *.crt (PEM-encoded format), you may also need to import root and intermediate certificates to the server via Microsoft Management Console (MMC). For the *.cer and *.p7b files (PKCS#7 format) you don’t need to perform additional actions.

How to add root and intermediate certificates via MMC?

  1. Press Win+r, type mmc in the run command and press enter
  2. In the Microsoft Management Console click the File button in the top-left corner and select Add/Remove Snap-in
  3. Click Add then double-click the Certificates
  4. Click Add and select the Computer Account. Click Next
  5. In the “Select Computer” window, choose the first option Local Computer and press Finish
  6. Now close the Standalone Snap-in window and click OK in the “Add/Remove Snap-in” window
  7. Back in the MMC, right-click on the Intermediate Certificate Authorities folder and go to All Tasks > Import
  8. Certificate Import Wizard will now open. Click Next
  9. In the following window, select the intermediate SSL certificate and click Next. Wait for the Wizard to complete and click Finish

In the unlikely event that the root certificate is not pre-installed in Windows, repeat the last three steps (7 to 9) to complete the root certificate installation.
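
The “Complete Certificate Request” and binding steps from the installation sections, together with the intermediate import described above, can be scripted so that a certificate is only bound once its private key, chain and host name have been checked. This is an added example, not part of the original guide; it assumes IIS 8 or later (for Server Name Indication), and the file paths, site name and host name are placeholders.

```powershell
# Added example. Run elevated on the server that generated the CSR.
Import-Module WebAdministration

$cerPath          = 'C:\certs\www_example_com.cer'   # CA response (placeholder)
$intermediatePath = 'C:\certs\intermediate.crt'      # CA intermediate (placeholder)
$siteName         = 'Default Web Site'
$hostName         = 'www.example.com'                # placeholder FQDN

# 1. Equivalent of "Complete Certificate Request": pairs the CA response with
#    the pending private key and places the certificate in the Personal store.
certreq.exe -accept $cerPath
if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed (exit code $LASTEXITCODE)" }

# 2. Equivalent of the MMC import: the Intermediate Certification Authorities
#    folder is the LocalMachine\CA store.
if (Test-Path $intermediatePath) {
    Import-Certificate -FilePath $intermediatePath -CertStoreLocation Cert:\LocalMachine\CA | Out-Null
}

# 3. Select the newest certificate for this host that has a private key.
#    (Exact-name match: for a wildcard certificate compare against '*.example.com'.)
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and ($_.DnsNameList.Unicode -contains $hostName) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for $hostName in LocalMachine\My" }

# 4. Refuse to bind a certificate whose chain or host name does not validate.
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $hostName)) {
    throw "Chain or host name validation failed for $($cert.Thumbprint)"
}

# 5. https binding: port 443, All Unassigned, Require Server Name Indication.
$b = @{ Name = $siteName; Protocol = 'https'; Port = 443; HostHeader = $hostName }
if (Get-WebBinding @b) { throw "An https binding for $hostName already exists; edit it in IIS Manager" }
New-WebBinding @b -IPAddress '*' -SslFlags 1
(Get-WebBinding @b).AddSslCertificate($cert.Thumbprint, 'My')

'{0} bound to {1}, expires {2:yyyy-MM-dd}' -f $cert.Thumbprint, $siteName, $cert.NotAfter
```

A missing private key at step 3 usually means the CSR was created on a different machine or the pending request was deleted, which is the same condition behind the “Cannot find the certificate request” error in IIS Manager.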

Test the SSL installation

After the installation, it’s important to scan your SSL Certificate for potential errors and vulnerabilities. You can use one of these SSL tools to get instant reports on the state of your SSL.

Microsoft IIS server history and versions

Microsoft Internet Information Services or Internet Information Server or simply IIS is one of the most popular web servers on the internet. Only Apache surpasses it in the overall usage. Microsoft IIS comes pre-installed with every version of Windows and has its beginnings in the now distant Windows 3 version, back in 1995. The latest IIS versions boast excellent security and a wide range of add-on products to satisfy every development need.  

Today, the oldest operational IIS version that you may use in a production environment is IIS 6. However, Microsoft is no longer issuing updates for IIS 6 or Windows Server 2003. Far more reliable and up-to-date versions are IIS 8 and IIS 10.

Below you’ll find all the IIS versions:

  • IIS 1.0 – runs on the Windows NT Server 3.51 operating system
  • IIS 2.0 – runs on the Windows NT Server 4.0 operating system
  • IIS 3.0 – comes with Windows NT 4.0 Service Pack 3
  • IIS 4.0 – runs on Windows NT Server 4.0 SP3 and Microsoft Internet Explorer 4.01
  • IIS 5.0 – included in Windows 2000
  • IIS 5.1 – included in Windows XP-Professional
  • IIS 6.0 – included in Windows Server 2003
  • IIS 7.0 – included in Windows Vista and Windows Server 2008
  • IIS 7.5 – included in Windows 7 and Windows Server 2008 R2
  • IIS 8.0 – included in Windows 8 and Windows Server 2012
  • IIS 8.5 – included in Windows Server 2012 R2 and Windows 8.1
  • IIS 10 – included in Windows Server 2016 and Windows 10. This version supports HTTP/2.

Where to buy an SSL Certificate for Microsoft IIS Server?

SSL Dragon is your one-stop place for all your SSL needs. We’re partners with the most popular Certificate Authorities on the market and offer incredibly low prices across the entire range of SSL products.

All our certificates are compatible with the Microsoft IIS. Whether you want to secure a website or your email correspondence, we’ve got you covered. Outlined below are the types of SSL certificates available at SSL Dragon:

You can find the perfect SSL Certificate for your project and budget with the help of our handy SSL Wizard and Certificate Filter. The first tool offers a quick and highly-accurate way to determine the right SSL for you, while the latter lets you sort and compare various certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.