Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)

Microsoft's new server platform, Windows Server 2008 uses Internet Information Services (IIS) 7.0. This new version makes big changes in the way that SSL certificates are generated, primarily making it much easier than previous versions of IIS. In addition to the new method of requesting and installing SSL certificates, IIS 7 includes the ability to:

  • Request more than one SSL certificate at a time
  • Import, export, and renew SSL certificates easily in IIS
  • Quickly create a self-signed certificate for testing

This article will walk you through the process of ordering an SSL certificate from a commercial certificate authority and installing it on an IIS 7 Windows Server 2008 machine.

Create the Certificate Signing Request

The first step in ordering an SSL certificate is generating a Certificate Signing Request. This is very easy to do in IIS7 using the following instructions. Click here to hide or show the images

  1. Click on the Start menu, go to Administrative Tools, and click on Internet Information Services (IIS) Manager.

  2. Click on the name of the server in the Connections column on the left. Double-click on Server Certificates.

  3. In the Actions column on the right, click on Create Certificate Request...

  4. Enter all of the following information about your company and the domain you are securing and then click Next.

    Name Explanation Examples
    Common Name The fully qualified domain name (FQDN) of your server. This must match exactly what you type in your web browser or you will receive a name mismatch error.

    *.google.com
    mail.google.com

    Organization The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC. Google Inc.
    Organizational Unit The division of your organization handling the certificate. (Most CAs don't validate this field) IT
    Web
    City/Locality The city where your organization is located. Mountain View
    State/province The state/region where your organization is located. This shouldn't be abbreviated. California
    Country/Region The two-letter ISO code for the country where your organization is location. US
    GB
  5. Leave the default Cryptographic Service Provider. Increase the Bit length to 2048 bit or higher. Click Next.

  6. Click the button with the three dots and enter a location and filename where you want to save the CSR file. Click Finish.

Once you have generated a CSR you can use it to order the certificate from a certificate authority. If you don't already have a favorite, you can compare SSL features from each provider using our SSL Wizard or by comparing cheap SSL certificates, Wildcard Certificates, or EV certificates. Once you paste the contents of the CSR and complete the ordering process, your order is validated, and you will receive the SSL certificate file.

Install the Certificate

To install your newly acquired SSL certificate in IIS 7, first copy the file somewhere on the server and then follow these instructions:

  1. Click on the Start menu, go to Administrative Tools, and click on Internet Information Services (IIS) Manager.
  2. Click on the name of the server in the Connections column on the left. Double-click on Server Certificates.

  3. In the Actions column on the right, click on Complete Certificate Request...

  4. Click the button with the three dots and select the server certificate that you received from the certificate authority. If the certificate doesn't have a .cer file extension, select to view all types. Enter any friendly name you want so you can keep track of the certificate on this server. Click OK.

  5. If successful, you will see your newly installed certificate in the list. If you receive an error stating that the request or private key cannot be found, make sure you are using the correct certificate and that you are installing it to the same server that you generated the CSR on. If you are sure of those two things, you may just need to create a new Certificate Request and reissue/replace the certificate. Contact your certificate authority if you have problems with this.

Bind the Certificate to a website

  1. In the Connections column on the left, expand the sites folder and click on the website that you want to bind the certificate to. Click on Bindings... in the right column.

  2. Click on the Add... button.

  3. Change the Type to https and then select the SSL certificate that you just installed. Click OK.

  4. You will now see the binding for port 443 listed. Click Close.

Install any Intermediate Certificates

Most SSL providers issue server certificates off of an Intermediate certificate so you will need to install this Intermediate certificate to the server as well or your visitors will receive a Certificate Not Trusted Error. You can install each Intermediate certificate (sometimes there is more than one) using these instructions:

  1. Download the intermediate certificate to a folder on the server.
  2. Double click the certificate to open the certificate details.
  3. At the bottom of the General tab, click the Install Certificate button to start the certificate import wizard. Click Next.

  4. Select Place all certificates in the following store and click Browse.

  5. Check the Show physical stores checkbox, then expand the Intermediate Certification Authorities folder, select the Local Computer folder beneath it. Click OK. Click Next, then Finish to finish installing the intermediate certificate.

You may need to restart IIS so that it starts giving out the new certificate. You can verify that the certificate is installed correctly by visiting the site in your web browser using https instead of http or using our SSL Checker.

Links

IIS 7 SSL Certificate Installation Videos

 Digg  del.icio.us  Reddit

Posted on October 24, 2007
Showing comments 1 to 20 of 39 | Next | Last
Katy
Posts: 33
Comment
Binding
Reply #39 on : Fri May 16, 2014, 13:10:39
I'm trying to do this, and I think the certificate is there OK, but I can't bind it. There are other certificates installed on this server and 80 and 443 are both used. Can I use a different port? I don't know what to do.
Raj
Posts: 33
Comment
Good Article
Reply #38 on : Wed May 14, 2014, 15:41:34
Nicely explained.
Subash P
Posts: 33
Comment
Re: Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)
Reply #37 on : Wed March 26, 2014, 08:53:12
I have a .pfx certificate file which is being used by our application to connect to OVD active directory. I have imported them into Trusted Root certificates in the MMC. I got the prompt saying that the import was successful. But I dont think it has got imported properly because we are not able to connect to our OVD server and getting some authentication error. I need to know How to verify if the SSL certificate properly installed? How to compare .der and .pfx format certificate as our original certificate provided was .der and we have converted the same to .pfx as per our requirement.

Could someone pls help me on this?
Ali
Posts: 33
Comment
Superb
Reply #36 on : Wed March 26, 2014, 01:34:03
The best article in concise. Its explaining everything in very clearly.

Thanks a lot
Jace
Posts: 33
Comment
Re: Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)
Reply #35 on : Sun February 02, 2014, 19:11:19
Hi Guys,

First, i wanna say sorry for the ignorance, really new here.

I was ask to install an SSL certificate on 1 of our site on IIS 7, but prior to that there is already 1 SSL installed on one of the site on the same IIS.

As I tried to install the SSL, i got this message:

"At least one other site is using the same HTTPS binding and the bindings is configured with a different certificate. Are you sure that you want to reuse this HTTPS binding and reassign the other site or sites to use the cew certificate?"

The first site (www .test.com) and second (try.xxxxx.com).

Please help! How can I make this work.

Thanks in advanceā€¦
Ronald Hill
Posts: 33
Comment
SSL Admin
Reply #34 on : Wed January 08, 2014, 13:32:23
This is my go to guide it really saved me. Thank you.
Robert
Posts: 6
Comment
Re: accidently removed SSL Certificate
Reply #33 on : Thu June 13, 2013, 09:25:37
Hi Josh,

If you removed the pending request, you will probably have to create a new one and then reissue/rekey your certificate on Symantec's site.
josh
Posts: 33
Comment
accidently removed SSL Certificate
Reply #32 on : Mon June 10, 2013, 20:02:45
Hey wonder if anyone can help. Was attempting to install my SSL cert from symantec and after running thru the steps it it didn't appear to be working correctly so I removed the certificate. Now when i go back to complete the certficate request to reinstall it all i get is a error message like b4 but this time it didn't install and i can't rebind the cert. I assumed if removed all you had to do is run thru the steps to install it again and well tha must be wrong!!??
Shreekanth Gaanji
Posts: 33
Comment
Thank you.
Reply #31 on : Thu May 02, 2013, 05:21:59
The content was self explinatory.Thank you so much!
jildo
Posts: 33
Comment
Re: Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)
Reply #30 on : Wed February 13, 2013, 00:04:46
Excellent, Thanks a lot
Varun
Posts: 33
Comment
U saved my Ass
Reply #29 on : Fri November 23, 2012, 03:28:49
U dont know bro but u saved my fucking ass... Million trillions thxs to u.....!!! Gud work keep it up..!!!
TheForce
Posts: 33
Comment
Informative
Reply #28 on : Sun November 11, 2012, 18:41:01
This is very informative.

Good Work!!!
Bill Turner
Posts: 33
Comment
Brilliant!
Reply #27 on : Tue August 07, 2012, 07:40:47
Brilliant guide. Concise and complete - thanks VERY much :-)
Robert
Posts: 6
Comment
Re: Renewing a Wildcard SSL
Reply #26 on : Wed May 30, 2012, 06:56:40
Hi Stephanie,

I am not aware of anyway to renew without having to re-bind to all of the subdomains.
Stephanie
Posts: 33
Comment
Renewing a Wildcard SSL
Reply #25 on : Tue May 29, 2012, 15:26:55
I have a wild card ssl certificate that is bound to over fifty subdomains. Now it is time to renew said ssl certificate. What is the best process to do this so I do not have to rebind all of these subdomains?
LUCIANO
Posts: 33
Comment
THANKS
Reply #24 on : Sun April 15, 2012, 00:47:53
I cant thank you enough for this, this tutorial saved my ass on a Saturday at 10pm
a million thanks
The5thHorseman
Posts: 33
Comment
Great Tutorial
Reply #23 on : Tue February 28, 2012, 11:35:53
Great job making this tutorial, gets you up and running quickly. The only thing I would add near the beginning is that in order for IIS 7 to accept the cert, the CSR MUST have been generated on the same server. Otherwise Windows will refuse the cert.
Gregory T Maxwell
Posts: 33
Comment
Installing SSL
Reply #22 on : Tue January 03, 2012, 13:29:29
This document was excellent. It really help this SA out. I'm not a web guy, but have been put in that roll and this was very helpful.
paul
Posts: 33
Comment
good article
Reply #21 on : Wed November 09, 2011, 13:09:00
This article was very good. I had the SSL cert that we bought up running in 1 day.
Robert
Posts: 6
Comment
Re: Certificate Export and Import
Reply #20 on : Thu October 06, 2011, 07:28:01
Thanks, Maran! The instructions for exporting and importing the certificate can be found here: https://www.sslshopper.com/how-to-move-or-copy-an-ssl-certificate-from-one-server-to-another.html
Showing comments 1 to 20 of 39 | Next | Last

Write a comment


If you have trouble reading the code, click on the code itself to generate a new random code.
Security Code:
 
Post Comment