Installing your ssl Certificate on a Microsoft IIS 7
1. Save the certificate files from the email you received.
to your computer. You may use whatever filename and extension that you want so long as you remember what you used. It is suggested that you save the files with a .cer extension which will make importing the certificates into IIS easier.
2. Installing the Root & Intermediate Certificates:
You will have received 3 Certificates:
Save these Certificates to the desktop of the webserver machine, then:
- Intermediate CA Certificate - UTNAddTrustServerCA.crt
- Intermediate CA Certificate - PostiveSSLCA.crt
- Your SSL Server Certificate - yourdomain_com.crt
- Click the Start Button then select Run and
- Click Console and select Add/Remove Snap in
- Select Add, select Certificates from the
Add Standalone Snap-in box and click Add
- Select Computer Account and Local Computer then click Finish
- Close the Add Standalone Snap-in box, click OK in
the Add/Remove Snap in
- Return to the MMC
- To install the AddTrustExternalCARoot Root Certificate:
- The AddTrustExternalCARoot Root Certificate can be obtained here
- Right click the Trusted Root Certification Authorities,
select All Tasks, select Import.
- Locate the UTN-USERfirst-Hardware Certificate and click
- When the wizard is completed, click Finish.
- To install the PostiveSSLCA certificate & UTNAddTrustServerCA intermediate Certificates:
- Right click the Intermediate Certification Authorities,
select All Tasks, select Import.
- Complete the import wizard again, but this time locating
the PostiveSSLCA Certificate when prompted
for the Certificate file.
- Repeat for the UTNAddTrustServerCA intermediate certificate
Check your progress:
- Ensure that the UTNAddTrustServerCA
certificate appears under Trusted Root Certification Authorities
- Ensure that the PostiveSSLCA & UTNAddTrustServerCA
appears under Intermediate Certification Authorities
Installing your IIS SSL Certificate:
- Click Start.
- Select Administrative Tools.
- Start Internet Services Manager.
- Click Server Name.
- From the center menu, double-click the "Server
Certificates" button in the "Security"
- Select "Actions" menu (on the right), click on "Complete
- This will open the Complete Certificate Request
Note: There is a known issue in IIS 7 giving the following error:
"Cannot find the certificate request associated with this certificate
file. A certificate request must be completed on the computer where it
was created." You may also receive a message stating "ASN1 bad tag value
met". If this is the same server that you generated the CSR on then, in
most cases, the certificate is actually installed. Simply cancel the
dialog and press "F5" to refresh the list of server certificates. If the
new certificate is now in the list, you can continue with the next
step. If it is not in the list, you will need to reissue your
certificate using a new CSR (see our CSR creation instructions for IIS
7). After creating a new CSR, login to your Completessl account and click the
'replace' button for your certificate.
- Enter the location of your IIS SSL certificate (you will need to
browse to locate your IIS SSL certificate this file will be the
certificate sent to you in a zip file and should be named
"yourdomainname.crt").Then enter a friendly name. The friendly name is
not part of the certificate itself, but is used by the server
administrator to easily distinguish the certificate. Then click Ok.
- After the certificate has been successfully installed to the
server, you will need to assign that certificate to the appropriate
website using IIS.
- From the "Connections" menu in the main Internet
Information Services (IIS) Manager window, select the name of
the server to which the certificate was installed.
- Under "Sites",select the site to be secured with
- From the "Actions" menu (on the right), click on "Bindings".
- This will open the "Site Bindings" window.
- In the "Site Bindings" window, click "Add".
This will open the "Add Site Binding" window.
- Under "Type" choose https. The IP
address should be the IP address of the site or All
Unassigned, and the port over which traffic will be
secured by SSL is usually 443. The "SSL
Certificate"field should specify the certificate that was
- You now have an IIS SSL server certificate installed.
Important: You must now restart the computer
to complete the install
You may want to test the Web site to ensure that everything
is working correctly. Be sure to use when you test connectivity
to the site.
If you get a security message when viewing the site under https, check the certificate path. If the path does not contain the UTN-USERfirst-Hardware and PostiveSSLCA, similar to this:
Then the intermediate certificates are not properly installed, please check the portion of these instructions regarding the installation of the intermediate certificates.
The proper path looks like this in Internet explorer:
OR this in firefox