Web Analytics

Install an SSL Certificate on IIS 7

After your SSL certificate has been issued and downloaded to your local machine, you must ensure the certificates are ready for installation. Be sure to store the certificate files in a secure location.

Proper functioning of a server certificate depends on the successful installation of intermediate and root certificates. The complete SSL.com certificate chain typically includes 4 files (the older USERTRUST roots also use 4 files):

SSL.com roots

Certificate Files
 Description
CERTUM_TRUSTED_NETWORK_CA.crt Root 1 Certificate
SSL_COM_ROOT_CERTIFICATION_AUTHORITY_RSA.crt Root 2 Certificate
SSL_COM_RSA_SSL_SUBCA.crt Intermediate Certificate
your_domain_here.crt Signed Server Certificate

USERTRUST roots

Certificate Files
 Description
AAACertificateServices.crt Root Certificate
USERTrustRSAAAACA.crt Intermediate Certificate 1
SSLcomDVCA_2.crt Intermediate Certificate 2
your_domain_here.crt Signed Server Certificate

To Install an SSL on Microsoft IIS 7

The steps below outline the process of installing certificate files into MMC, and binding to the signed server certificate within IIS.

  1. To install an SSL certificate file, click Start, and then Click Run….
  2. Type mmc, and then Click OK. The Microsoft Management Console (Console) window opens.
  3. In the Console1 window, Click the File menu, and then Select Add/Remove Snap-in.
  4. In the Add or Remove Snap-in window, Select Certificates, and then Click Add.
  5. In the Certificates snap-in window, Select Computer Account, and then Click Next.
  6. In the Select Computer window, Select Local Computer, and then Click Finish.
  7. In the Add or Remove Snap-in window, Click OK.
  8. In the Console1 window, Click + to expand the folder.
  9. Right-click the certificate store you’d like to import into, mouse-over All Tasks, and then Click Import.
  10. In the Certificate Import Wizard window, Click the Next button.
  11. Click Browse to find the desired certificate file.
  12. In the Open window, you may need to change the file extension filter to All Files (*.*). Select the appropriate certificate file and then click the Open button.
  13. In the Certificate Import Wizard window, Click the Next button.
  14. Select Place all certificates in the following store, and then Click the Browse button.
  15. In the Select Certificate Store window, Select Intermediate Certification Authorities, and then Click the OK button.
  16. In the Certificate Import Wizard window, Click the Next button.
  17. Click the Finish button.
  18. Click the OK button.
  19. You’ll repeat steps 9 – 18 until all certificate files have been imported into their corresponding certificate store(Trusted Root, Intermediate, Personal) .
  20. Close the Console 1 window, and then Click No to remove the console settings.
  21. Now, to complete the certificate request, Click Start, mouse-over Administrative Tools, and then Click Internet Services Manager.
  22. In the Internet Information Services (IIS) Manager window, Select your server.
  23. Double-click Server Certificates.
  24. From the Actions panel on the right, Click Complete Certificate Request
  25. To locate your certificate file, Click the ‘….’ button
  26. In the Open window, Select *.* as your file name extension, Select your certificate (it might be saved as a .p7b, .cer, or .crt), and then Click Open.
    NOTE: You may receive a notice that the certificate request for this cert is missing. If that happens check the following:
    A.) that you have entered a Friendly Name for the certificate;
    B.) insure that you are installing the certificate on the same PC or server that was used to generate the certificate request; or,
    C.) jump ahead to Step 28 – if you ever double clicked the icon for the certificate, then IIS automatically installed it and it is now available to bind to your website.
  27. In the Complete Certificate Request window, enter a Friendly name for the certificate file, and then Click the OK button.
  28. In the Internet Information Services (IIS) Manager window, Select the name of the server where you installed the certificate.
  29. Click + beside Sites, Select the site to secure with the SSL certificate.
  30. In the Actions panel on the right, Click Bindings….
  31. Click Add….
  32. In the Add Site Binding window:
  33. For Type, Select https.
  34. For IP address, Select All Unassigned, or the IP address of the site.
  35. For Port, type 443.
  36. For SSL Certificate, Select the SSL certificate you just installed, and then Click OK.
  37. Close the Site Bindings window.
  38. Close the Internet Information Services (IIS) Manager window.

Your SSL Certificate is now installed. Visit your website with HTTPS to verify the installation.

You also may need to disable a self-signed USERTrust file within the Intermediate CA folder. Some files may be active in the Trusted Root or Personal directories. An incomplete certificate chain even after completing an installation generally means that there is a USERTrust file outside of the Intermediate CA directory.

SSL Support Team

All Posts

Related How Tos

View All How Tos
Facebook Twitter Youtube Github

Subscribe to SSL.com’s Newsletter

What is SSL/TLS?

Play Video

Subscribe To SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com and stay informed of the latest changes about digital identity and encryption that can impact and enhance your life.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.

Take Survey