This guide will show you how to install an SSL Certificate on the IIS Microsoft server. By the end of this guide, you’ll have a perfectly running SSL installation. We will also give you a few tips on where to buy and how to find the perfect SSL certificate for a Microsoft IIS server.
Table of contents
- Generate a CSR code
- Pre-Installation Steps
- Install an SSL Certificate on IIS 10 / IIS 8 / IIS 8.5 (Windows Server 2012–2025)
- Install an SSL Certificate on IIS 7 (Windows Server 2008 / 2008 R2)
- Install an SSL Certificate on IIS 5 & 6 (Deprecated)
- Test the SSL installation
- Where to buy an SSL Certificate for the Microsoft IIS Server?
Generate a CSR code
Before installing the certificate, you need to generate a CSR (Certificate Signing Request) for the IIS server.
You have two options:
- Generate the CSR automatically using our CSR Generator.
Note: If you don’t generate the CSR in IIS, but via an external tool such as our CSR generator, you will need to convert the SSL certificate along with the private key to PFX format. Here is a guide with detailed instructions on how to import and export a PFX file in IIS. - Follow our tutorial on how to generate a CSR on IIS manually.
Pre-Installation Steps
Before you start, figure out how your certificate was issued.
You either:
- Generated the CSR in IIS and got back a .cer or .p7b file from the Certificate Authority (CA)
- Generated the CSR elsewhere (like OpenSSL, cPanel, or the CSR Generator tool) and received a .pfx file (certificate + private key)
This difference matters. Use the correct method below based on what you have.
Install an SSL Certificate on IIS 10 / IIS 8 / IIS 8.5 (Windows Server 2012–2025)
IIS 8 and higher have the same interface and process. If you’re running Windows Server 2012, 2016, 2019, 2022, or 2025, this is your section.
Option 1 – If You Created the CSR in IIS (You Have a .cer or .p7b File)
Step 1: Download and Extract the Certificate
Save the certificate file you got from the CA (usually .cer or .p7b) to your server, desktop or any folder.
Step 2: Open IIS Manager
- Press Win + R then type inetmgr and hit Enter
or - Go to Start > Administrative Tools > Internet Information Services (IIS) Manager
Step 3: Complete the Certificate Request
- In the Connections panel (left side), select your server name
- In the center panel, double-click Server Certificates
- On the right, under Actions, click Complete Certificate Request
In the popup:
- File name: browse and select your .cer or .p7b file
- Friendly name: give it a name like yourdomain.com_2025 (makes it easy to identify later)
- Certificate store: choose Personal
(If you’re managing many certs at scale, you can use Web Hosting instead) - Click OK
If you get an error saying “Cannot find the certificate request…”, it means the certificate doesn’t match any pending CSR on this server. In that case, skip this method and go to the .pfx method below.
Step 4: Bind the Certificate to Your Site
Now you’ll assign the certificate to a specific website.
- In the Connections panel, expand Sites
- Click your website (e.g., Default Web Site)
- On the right, click Bindings…
- In the Site Bindings window, click Add
Choose:
- Type: HTTPS
- IP address:
All Unassignedor a specific IP - Port: 443
- Hostname: your domain (e.g., www.example.com)
- Check “Require Server Name Indication” if you’re hosting multiple HTTPS sites on one server
From the SSL Certificate dropdown, select the friendly name you just added. Click OK, then Close the bindings window.
Done. IIS starts serving HTTPS instantly, no need to restart anything.
Option 2 – If You Have a .pfx File (CSR Created Outside IIS)
If your certificate came from another tool or system, you must import the .pfx (which includes your certificate + private key).
Step 1: Import the Certificate
- Open IIS Manager → Select your server > Double-click Server Certificates
- On the right, click Import
- Browse to your .pfx file and enter the password (the one used when exporting it)
- Choose the Personal store and click OK
Step 2: Bind the Certificate to Your Website
Same steps as above:
- Go to Connections panel > Sites → Select your website
- In the right pane click Bindings…
- Click Add and configure:
- Type: HTTPS
- Port: 443
- IP: as needed
- Hostname: your domain
- Check SNI if needed
- SSL Certificate: choose the one you just imported
- Click OK and Close
You’re live on HTTPS. No restart needed.
Intermediate Certificates (Optional but Recommended)
Windows builds the certificate chain automatically using the system store. But if a browser shows the “Incomplete Chain” error, install intermediates manually:
- Press Win + R, type mmc, hit Enter
- Navigate to File > Add/Remove Snap-in > Add > Certificates
- Choose Computer Account > Next > Finish > OK
- Navigate to Intermediate Certification Authorities > Certificates
- Right-click, select All Tasks then Import
- Follow the wizard and import the intermediate .crt or .pem
Install an SSL Certificate on IIS 7 (Windows Server 2008 / 2008 R2)
The same core steps as IIS 8/10 apply, but the interface is a little older. If you get an error during Complete Certificate Request, the most common fix:
- Press F5 in the Server Certificates screen to refresh; the cert may have installed silently.
- If it still fails, import a .pfx instead, as in section B.
Binding the cert to your site is identical:
Navigate to Sites > Your site > Bindings > Add HTTPS and choose the cert.
Install an SSL Certificate on IIS 5 & 6 (Deprecated)
These versions are fully deprecated. Only use this section if you’re stuck on ancient infrastructure.
Steps:
- Go to Start > Administrative Tools > Internet Information Services (IIS) Manager
- Right-click your site > Properties > Directory Security tab
- Click Server Certificate
- Choose Process the pending request
- Locate your .cer file and complete the wizard
- Restart your site
If intermediates aren’t trusted, import them manually via MMC (same as above).
Test the SSL installation
After the installation, it’s important to scan your SSL Certificate for potential errors and vulnerabilities. You can use one of these SSL tools to get instant reports on the state of your SSL.
Where to buy an SSL Certificate for the Microsoft IIS Server?
SSL Dragon is your one-stop place for all your SSL needs. We’re partners with the most popular Certificate Authorities on the market and offer incredibly low prices across the entire range of SSL products.
All our certificates are compatible with the Microsoft IIS. Whether you want to secure a website or your email correspondence, we’ve got you covered.
You can find the perfect SSL Certificate for your project and budget with the help of our handy SSL Wizard and Certificate Filter. The first tool offers a quick and highly-accurate way to determine the right SSL for you, while the latter lets you sort and compare various certificates by price, validation, and features.
If you find any inaccuracies or have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.
Frequently Asked Questions
Navigate to Start > Windows Administrative Tools > Internet Information Services (IIS) Manager. Click on the server name In the Connections panel. Double-click on Server Certificates to display certificates in the IIS Manager.
Copy Link
To renew your SSL certificate on IIS, you must install a new one following the same CSR generation and SSL installation steps. SSL certificates are valid for one year. So, when you renew your certificate, you buy a new one and install it again on your server.
Copy Link
Your certificate may not show up because it’s not the same cert you created a “Certificate Request” for. If you add a certificate that wasn’t requested in “Server Certificates”, it won’t display in the IIS binding window even if it does in the “Server Certificates” list.
Copy Link
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10
