How to Install an SSL Certificate on IIS 10 & other versions

This guide will show you how to install an SSL Certificate on the IIS Microsoft server. By the end of this guide, you’ll have a perfectly running SSL installation. We will also give you a few tips on where to buy and how to find the perfect SSL certificate for a Microsoft IIS server.

Table of contents

1. Generate a CSR code
2. How to Install an SSL Certificate on IIS 10
3. How to Install an SSL Certificate on IIS 8 & 8.5
4. How to Install an SSL Certificate on IIS 7
5. How to Install an SSL Certificate on IIS 5 & 6
6. Manually install the intermediate certificates
7. How to add root and intermediate certificates via MMC?
8. Test the SSL installation
9. Where to buy an SSL Certificate for the Microsoft IIS Server?

Generate a CSR code

Before installing the certificate, you need to generate a CSR (Certificate Signing Request) for the IIS server.

You have two options:

1. Generate the CSR automatically using our CSR Generator.
   Note: If you don’t generate the CSR in IIS, but via an external tool such as our CSR generator, you will need to convert the SSL certificate along with the private key to PFX format. Here is a guide with detailed instructions on how to import and export a PFX file in IIS.
2. Follow our tutorial on how to generate a CSR on IIS manually.

How to Install an SSL Certificate on IIS 10

Follow the steps below to configure your SSL certificate on IIS 10.

1. Download and extract the certificate file that you’ve received from the Certificate Authority. Look for the file with the .cer extension and save it to your server’s directory
2. From your keyboard, press Win + r and type inetmgr and click OK to open to the Internet Services (IIS) Manager. You can also launch the IIS manager via Start > Administrative Tools > Internet Information Services (IIS) Manager
3. On the left, you will find the Connections section. Select the server and double-click the Server Certificates icon from the Home page
4. On the right, locate the Actions section and select Complete Certificate Request
5. Fill in the Specify Certificate Authority Response window as below:
   • File name containing the certification authority’s response – locate and indicate the .cer file that you received from the Certificate authority
   • Friendly Name – type your domain name, or any other easy-to-remember name
   • Select a certificate store for the new certificate – Personal. Click OK
6. Now you have to assign your certificate to your website. Go back to the Connections menu and expand the Sites folder. Select the site you want to protect
7. Next, locate and click the Bindings option. You’ll find it in the Actions section, under the Edit Site
8. In the next window click Add
9. Another window will appear. Here select the following options:
   • Type – HTTPS
   • IP address – All Unassigned, or your IP address
   • Port – 443
   • SSL certificate – the friendly name of the imported certificate
     If you plan to add multiple SSL Certificates to the same server, check the Require Server Name Indication box. Click OK and Close.
10. Click Restart under the Manage Website

You’ve successfully installed the SSL Certificate on IIS 10 server.

Note: If your SSL Certificate file extension is *.crt (PEM-encoded format), you may also need to import root and intermediate certificates to the server via Microsoft Management Control (MMC). For the *.cer and *p7b files (PKCS#7 format) you don’t need to perform additional actions.

How to Install an SSL Certificate on IIS 8 & 8.5

After the CA validates and issues the SSL Certificate, complete the following steps:

1. Download and extract your SSL Certificate (.cer file) to your server directory
2. Go to Start > Administrative Tools > Internet Information Services (IIS) Manager and open it
3. Locate your server in the left-side Connections menu and double-click the Server Certificates icon
4. Now, in the right Actions pane click on Complete Certificate Request
5. The Complete Certificate Request window will open. Indicate the path to your .cer certificate file and add a Friendly Name (here you can type your domain, or an easy-to-remember name to avoid confusion with other requests). From the drop-down list, select Personal as your certificate store and click OK
6. Go back to the Connections section and click to expand the Sites folder. Select the website you want to secure
7. Hover your mouse over the top-right Actions menu and select Bindings
8. A new Site Bindings window will pop up. Click Add
9. In the Add Site Binding window, select the following parameters
   • Type – HTTPS
   • IP address – All Unassigned, or your IP address
   • Port – 443
   • SSL certificate – the friendly name of the imported certificate
     We recommend checking the Require Server Name Indication box as it allows multiple SSL installations on the same server. Click OK and Close.
10. Under the Manage Website click Restart

Note: If your SSL Certificate file extension is *.crt (PEM-encoded format), you may also need to import root and intermediate certificates to the server via Microsoft Management Control (MMC). For the *.cer and *p7b files (PKCS#7 format) you don’t need to perform additional actions.

Congratulations, you’ve activated the HTTPS version for your website!

How to Install an SSL Certificate on IIS 7

You can install the SSL certificate on the same machine where you’ve generated it, using the IIS manager. Please, follow the steps below:

1. Open and save the certificate (.cer) file that you received from the Certificate Authority on your server
2. Press win + r, type inetmgr,and click ok to open the Internet Information Services Manager. You can also access it via Start menu >Administrative Tools > Internet Information Services (IIS) Manager
3. Select the server in the right-side Connections menu and double-click the “Server Certificates” from the center menu
4. On the right side, inside Actions click the “Complete Certificate Request” option to open the Complete certificate request wizard
5. In the wizard, on the Specify Certificate Authority Response window, locate the .cer file you received from the Certificate Authority; e.g.: www_ssldragon_com.cer and give it a friendly, easy-to-remember name. The friendly name helps distinguish this particular certificate from the other certificates on the server.
   Tip: For easy identification specify the CA name and the expiration date at the end of your friendly name
6. Click OK to install the certificate
   Note: If you receive the following errors: “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created” or “ASN1 bad tag value met” when importing the certificate, don’t panic. This is a known issue in the IIS7 where the actual certificate is imported but doesn’t have a friendly name. Thankfully, Microsoft provides an easy fix. Close the error window and press F5 to refresh the list of server certificates. Follow these instructions.
7. Now, you have to assign your certificate to the default website. Go to the left-side Connections menu and click on your webserver
8. Expand the Sites folder and select the website you want to secure with this certificate
9. Next, move to the right-side Actions menu and click on the Bindings… option under the Edit Site
10. In the new Site Bindings window, click Add
11. In the Add Site Binding window, add the following details and click OK
    • Type – HTTPS
    • IP address – All Unassigned, or your IP address
    • Port – 443
    • SSL certificate – the friendly name of the imported certificate

Congratulations! You’ve finally installed the SSL Certificate on the Microsoft IIS 7 server.

How to Install an SSL Certificate on IIS 5 & 6

Once you’ve generated the CSR, you can install it on your server:

1. You will receive an archived zip folder from the Certificate Authority. Download and extract the your_domain_name.cer file on your server directory
2. Click the Start button and go to Administrative Tools under All programs. Open the Internet Services Manager
3. Right-click the website you want to secure (e.g. Default Web Site) and left-click on properties
4. Select the Directory Security tab and click on Server Certificate
5. In the ITS Certificate Wizard select the first option Process the pending request and install the certificate. Click Next
6. Now, browse to the location of your SSL Certificate (. cert file) that you previously saved on your server’s directory. Click Next
7. Double-check the summary screen and click Next
8. Review the information once again then hit Next, and finally Finish
9. Restart your server now

Congratulations you have successfully installed the SSL Certificate on the Microsoft ISS server!

Manually install the intermediate certificates

In some instances, you may need to manually install the intermediate certificates on IIS 5 & 6 and IIS 7. Follow the instructions below:

1.  Double-click the Intermediate certificate from your server’s desktop and click Open.
2. In the Certificate window, select the General tab, click Install Certificate…, then click Next.
3. In the Certificate Import Wizard, select Place all certificates in the following store…, then click Browse.
4. Check the Show Physical stores box.
5. Next, expand the Intermediate Certification Authority folder.
6. Select Local Computer, then click OK and Finish.
7. Restart the IIS server.

How to add root and intermediate certificates via MMC?

1. Press Win + r, type mmc in the run command, and press enter
2. In the Microsoft Management Console click the File button in the top-left corner and select Add/Remove Snap-in
3. Click Add then double-click the Certificates
4. Click Add and select the Computer Account. Click Next
5. In the “Select Computer” window, choose the first option Local Computer, and press Finish
6. Now close the Standalone Snap-in window and click OK in the ‘Add/Remove Snap-in‘ window
7. Back in the MMC, right-click on the Intermediate Certificate Authorities folder and go to All Task > Import
8. Certificate Import Wizard will now open. Click Next
9. In the following window, select the intermediate SSL certificate and click Next. Wait for the Wizard to complete and click Finish.

In the unlikely event that the root certificate is not pre-installed in Windows, repeat the last three steps (7 to 9) to complete the root certificate installation.

Test the SSL installation

After the installation, it’s important to scan your SSL Certificate for potential errors and vulnerabilities. You can use one of these SSL tools to get instant reports on the state of your SSL.

Where to buy an SSL Certificate for the Microsoft IIS Server?

SSL Dragon is your one-stop place for all your SSL needs. We’re partners with the most popular Certificate Authorities on the market and offer incredibly low prices across the entire range of SSL products.

All our certificates are compatible with the Microsoft IIS. Whether you want to secure a website or your email correspondence, we’ve got you covered.

You can find the perfect SSL Certificate for your project and budget with the help of our handy SSL Wizard and Certificate Filter. The first tool offers a quick and highly-accurate way to determine the right SSL for you, while the latter lets you sort and compare various certificates by price, validation, and features.

If you find any inaccuracies or have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.

Frequently Asked Questions