Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)

Microsoft's new server platform, Windows Server 2008 uses Internet Information Services (IIS) 7.0. This new version makes big changes in the way that SSL certificates are generated, primarily making it much easier than previous versions of IIS. In addition to the new method of requesting and installing SSL certificates, IIS 7 includes the ability to:

  • Request more than one SSL certificate at a time
  • Import, export, and renew SSL certificates easily in IIS
  • Quickly create a self-signed certificate for testing

This article will walk you through the process of ordering an SSL certificate from a commercial certificate authority and installing it on an IIS 7 Windows Server 2008 machine.

Create the Certificate Signing Request

The first step in ordering an SSL certificate is generating a Certificate Signing Request. This is very easy to do in IIS7 using the following instructions. Click here to hide or show the images

  1. Click on the Start menu, go to Administrative Tools, and click on Internet Information Services (IIS) Manager.

  2. Click on the name of the server in the Connections column on the left. Double-click on Server Certificates.

  3. In the Actions column on the right, click on Create Certificate Request...

  4. Enter all of the following information about your company and the domain you are securing and then click Next.

    Name Explanation Examples
    Common Name The fully qualified domain name (FQDN) of your server. This must match exactly what you type in your web browser or you will receive a name mismatch error.

    *.google.com
    mail.google.com

    Organization The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC. Google Inc.
    Organizational Unit The division of your organization handling the certificate. (Most CAs don't validate this field) IT
    Web
    City/Locality The city where your organization is located. Mountain View
    State/province The state/region where your organization is located. This shouldn't be abbreviated. California
    Country/Region The two-letter ISO code for the country where your organization is location. US
    GB
  5. Leave the default Cryptographic Service Provider. Increase the Bit length to 2048 bit or higher. Click Next.

  6. Click the button with the three dots and enter a location and filename where you want to save the CSR file. Click Finish.

Once you have generated a CSR you can use it to order the certificate from a certificate authority. If you don't already have a favorite, you can compare SSL features from each provider using our SSL Wizard or by comparing cheap SSL certificates, Wildcard Certificates, or EV certificates. Once you paste the contents of the CSR and complete the ordering process, your order is validated, and you will receive the SSL certificate file.

Install the Certificate

To install your newly acquired SSL certificate in IIS 7, first copy the file somewhere on the server and then follow these instructions:

  1. Click on the Start menu, go to Administrative Tools, and click on Internet Information Services (IIS) Manager.
  2. Click on the name of the server in the Connections column on the left. Double-click on Server Certificates.

  3. In the Actions column on the right, click on Complete Certificate Request...

  4. Click the button with the three dots and select the server certificate that you received from the certificate authority. If the certificate doesn't have a .cer file extension, select to view all types. Enter any friendly name you want so you can keep track of the certificate on this server. Click OK.

  5. If successful, you will see your newly installed certificate in the list. If you receive an error stating that the request or private key cannot be found, make sure you are using the correct certificate and that you are installing it to the same server that you generated the CSR on. If you are sure of those two things, you may just need to create a new Certificate Request and reissue/replace the certificate. Contact your certificate authority if you have problems with this.

Bind the Certificate to a website

  1. In the Connections column on the left, expand the sites folder and click on the website that you want to bind the certificate to. Click on Bindings... in the right column.

  2. Click on the Add... button.

  3. Change the Type to https and then select the SSL certificate that you just installed. Click OK.

  4. You will now see the binding for port 443 listed. Click Close.

Install any Intermediate Certificates

Most SSL providers issue server certificates off of an Intermediate certificate so you will need to install this Intermediate certificate to the server as well or your visitors will receive a Certificate Not Trusted Error. You can install each Intermediate certificate (sometimes there is more than one) using these instructions:

  1. Download the intermediate certificate to a folder on the server.
  2. Double click the certificate to open the certificate details.
  3. At the bottom of the General tab, click the Install Certificate button to start the certificate import wizard. Click Next.

  4. Select Place all certificates in the following store and click Browse.

  5. Check the Show physical stores checkbox, then expand the Intermediate Certification Authorities folder, select the Local Computer folder beneath it. Click OK. Click Next, then Finish to finish installing the intermediate certificate.

You may need to restart IIS so that it starts giving out the new certificate. You can verify that the certificate is installed correctly by visiting the site in your web browser using https instead of http or using our SSL Checker.

Links

IIS 7 SSL Certificate Installation Videos

 Digg  del.icio.us  Reddit

Posted on October 24, 2007
First | Previous | Showing comments 21 to 37 of 37
ankit.nautiyal
Posts: 31
Comment
SSL
Reply #17 on : Wed August 17, 2011, 10:48:12
Good one.
kilic
Posts: 31
Comment
SSL
Reply #16 on : Fri July 29, 2011, 04:44:37
thank youu...
Robert
Posts: 6
Comment
Re: How to add friendly name after import
Reply #15 on : Sat March 26, 2011, 09:36:11
Hi Dan,

I think the only way to edit the friendly name at that point is to open the MMC certificates snap-in and edit the properties of the certificate.
Dan Cummings
Posts: 31
Comment
How to add friendly name after import
Reply #14 on : Fri March 25, 2011, 13:23:08
After I imported 2 certs from IIS 6.0, I noticed that the friendly name for both my certs was <none>. When I got to the bindings step, it isn't evident from the drop down which cert I'm looking at. I saw that there is a view button next to the drop down when setting up the bindings and was able to determine the cert using the view. How do you set the friendly name after you import? Is it possible?
ABCD
Posts: 31
Comment
Certificate
Reply #13 on : Fri March 04, 2011, 18:46:31
GoDaddy do a article for installing their certificates:

http://community.godaddy.com/help/article/4801
Yiannis
Posts: 31
Comment
thank you
Reply #12 on : Thu September 23, 2010, 14:24:39
THANK YOU VERY MUCH!!!!!
Robert
Posts: 6
Comment
Re: Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)
Reply #11 on : Thu August 05, 2010, 21:50:10
Hi vijay,

That can sometimes happen if the certificate is in PKCS#7 format. Contact your certificate provider and they should be able to help.
vijay
Posts: 31
Comment
Re: Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)
Reply #10 on : Thu August 05, 2010, 09:51:58
Robert
The error about
"Cannot find the certificate request that is associated with the certificate file. A certificate request must be completed on the computer where the request was created"

happens even when the CSR was created in the same machine and issued cert is being installed in the same machine. Puzzled.
Eyal Estrin
Posts: 31
Comment
Windows 2008 R2 CA installation guide
Reply #9 on : Sun July 18, 2010, 00:46:07
http://eyalestrin.blogspot.com/2010/07/windows-2008-r2-certification-authority.html
Naveen
Posts: 31
Comment
Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)
Reply #8 on : Mon February 15, 2010, 19:47:22
Is it possible to set SSL Cert for 443 port through command line?

"Bind the Certificate to a website" step 3 in the above posting.
Marty
Posts: 31
Comment
Certificate Import Wizard Default Incorrect
Reply #7 on : Fri August 14, 2009, 11:15:34
If you inadvertently proceed in step four to install using the automatic option, the cert will install to your personal store rather than the machine store. It cannot be moved into the correct store. The site will work with the cert in the incorrect store until the system restarts. Then the cert will not function properly. It must be deleted and imported again into the machine store as shown.
Robert
Posts: 6
Comment
Re: Yazid
Reply #6 on : Mon June 01, 2009, 20:30:07
Hi Yazid,

That error normally means that you didn't create the CSR (Certificate Signing Request) on this same IIS machine and therefore don't have the private key. You have to install the certificate to the same server that you generated the CSR on or it won't work. You may need to generate a new CSR on that server and reissue/rekey the request to get a new certificate.
Yazid
Posts: 31
Comment
Re: Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)
Reply #5 on : Mon June 01, 2009, 04:27:17
In the step specify Certificate Authority Response, I am getting an error:

Cannot find the certificate request that is associated with the certificate file. A certificate request must be completed on the computer where the request was created
Walter
Posts: 31
Comment
IIS 7
Reply #4 on : Thu May 14, 2009, 18:51:28
Thanks for the how to. I don't use IIS very much and IIS 7 definately threw me for a loop. I was able to get OWA up and running with a certificate I exported from an 03 mail server.
Kaushik Mukherjee
Posts: 31
Comment
IIS7
Reply #3 on : Sun May 03, 2009, 23:59:25
I've gone through your website it is very helpful.I would request you please send me Total configuration guide for IIS7 (ASP.Net,IIS,Management).

Thanks
Kaushik
Yogesh
Posts: 31
Comment
Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)
Reply #2 on : Wed March 11, 2009, 00:59:27
Nice Artical... thanks alot for posting it.....
andrew
Posts: 31
Comment
Re: Installing an SSL Certificate in Windows Server 2008 (IIS 7.0)
Reply #1 on : Thu February 12, 2009, 18:15:24
after exporting my cert from 2003 i just did these two steps to get things working.

Import-ExchangeCertificate -Path C:\certs\cert.pfx -Password:(Get-Credential).password (anything for username)

Get-ExchangeCertificate | format-list to get the thumbprint

Enable-ExchangeCertificate -thumbprint 55740BCFAC59814EF0B517C2B87B15CB730F1060 -services IIS
First | Previous | Showing comments 21 to 37 of 37

Write a comment


If you have trouble reading the code, click on the code itself to generate a new random code.
Security Code:
 
Post Comment