SSL Certificate Installation in Microsoft IIS 5 & 6

If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see IIS SSL Certificate CSR Creation :: Microsoft IIS.

How to install your SSL Certificate to your Windows 2000/2003 Server

New: IIS 5/6 installation video walkthrough

If you are installing an Extended Validation SSL Certificate, use our IIS EV SSL Certificate Installation Instructions. If you are installing any other SSL Certificate, follow the instructions below.

Install your Certificate:

  1. Open the ZIP file containing your certificate and copy the file named your_domain_name.cer to the desktop of the web server you are securing.

  2. Go to your Administrative Tools, and Open the Internet Services Manager. Right-Click on the Default Website or the website that the CSR was created on and select Properties. The certificate will only be able to be installed on the same website that you created the CSR on.

  3. Go to the Directory Security panel. Click on the "Server Certificate..." button. This will start the certificate wizard. Click "Next".

  4. Choose to Process the pending request and install the certificate and click Next.

  5. "Browse" for your SSL Certificate. Locate your_domain_name.cer, then Click Next. Follow the rest of the wizard steps until finished.

Test your certificate

In most situations IIS will instantly begin using the new certificate and a restart is not necessary. You can verify that your certificate is properly installed by using our Certificate Testing Tool.

The best way to test your certificate using a browser is to visit its secure URL with a browser other than Internet Explorer. We recommend this because Internet Explorer is able to verify your site is trusted with or without the intermediate certificate, but most other browsers cannot do this. If other browsers complain about your site not being trusted, but Internet Explorer does not, then you most likely need to install the intermediate certificate (instructions below).

Note for ISA users: If you are using ISA 2004 or 2006 and your server is not sending the intermediate certificate, you need to fully reboot your server. We have confirmed this to be true with many customers: ISA server will not properly send the intermedate certificate chain until after a full reboot.

If you notice that the server continues to use an old certificate or the server will not load https at all then you may need to shutdown and restart the server.

Backup the certificate and private key (Recommended)

It is always good to keep a backup of your certificate and private key in case your server crashes. You must backup your certificate from your server in order to include a backup of your private key. The private key is not included in your certificate files, and the certificate is not functional without the private key.

To backup your SSL Certificate and private key, we recommend you refer to our PFX export instructions for help backing up your certificates and private key as a .pfx file.

Import the Intermediate Certificate (Not required for most installations)

Because the ¶ºÒõ¹Ý Intermediate Certificate is built into your_domain_name.cer, this step should not be necessary for most installations. When the certificate is correctly installed to your server browsers will not display any certificate warnings whatsoever. However, if your clients are getting a warning stating that the certificate was issued by a company that you have not chosen to trust, then the following procedure will fix that problem.

  1. Download the ¶ºÒõ¹ÝCA.crt Certificate file from inside your ¶ºÒõ¹Ý account and save it to your desktop.

  2. Double-click the certificate. This will open the certificate to view.

  3. At the bottom of the General tab, click the "Install Certificate..." button. This will start the certificate import wizard. Click "Next".

  4. Choose to "Place all certificates in the following store", and click "Browse".

  5. First, click the "Show physical stores" box, then expand the Intermediate Certification Authorities folder, select the underlying Local Computer folder, and click ok. Hit "Next", then "Finish"

  6. Your intermediate certificate is now installed. You may need to restart your server.

  7. For help installing your certificate, or troubleshooting your cert installation, see our new Windows SSL troubleshooting tool.

Para instrucciones en espa?ol visite IIS 6 Instalar Certificado SSL.

IIS SSL Certificates, Guides, & Tutorials

Learn More

Install a Multi-Domain (SAN) or Wildcard certificate on multiple IIS sites

If you have several IIS web sites that need to use a Wildcard Certificate or a Multi-Domain (SAN) Certificate, you'll need to set up SSL Host Headers rather than just assigning each site to use the certificate. The name of each IIS site that you use the certificate on will need to be covered by the Multi-Domain (SAN) or Wildcard Certificate.

SSL Certificates :: Microsoft Internet Information Server 5x & 6x

How to install your SSL Digital Certificate to your Windows 2000 or 2003 Server.