more links:
  order process
CSR Generation
Certificate Installation
Display your Site Seal
Site Map
Still unsure? Then why not try a
30 day free trial OneStepSSL here to learn more
Select Currency:

Installing your ssl Certificate on a Microsoft IIS 7

1. Save the certificate files from the email you received.

to your computer. You may use whatever filename and extension that you want so long as you remember what you used. It is suggested that you save the files with a .cer extension which will make importing the certificates into IIS easier.

2. Installing the Root & Intermediate Certificates:

You will have received 3 Certificates:
  • Intermediate CA Certificate - UTNAddTrustServerCA.crt
  • Intermediate CA Certificate - PostiveSSLCA.crt
  • Your SSL Server Certificate - yourdomain_com.crt
Save these Certificates to the desktop of the webserver machine, then:
  • Click the Start Button then select Run and type mmc
  • Click Console and select Add/Remove Snap in
  • Select Add, select Certificates from the Add Standalone Snap-in box and click Add
  • Select Computer Account and Local Computer then click Finish
  • Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in
  • Return to the MMC
Root Certificate:
  • To install the AddTrustExternalCARoot Root Certificate:
  • The AddTrustExternalCARoot Root Certificate can be obtained here

IIS SSL server certificate - GTECyber TrustRoot

  • Right click the Trusted Root Certification Authorities, select All Tasks, select Import.

IIS SSL server certificate -  certificate import wizard

  • Click Next.

IIS SSL server certificate - file for import

  • Locate the UTN-USERfirst-Hardware Certificate and click Next.
  • When the wizard is completed, click Finish.
Intermediate Certificates:
  • To install the PostiveSSLCA certificate & UTNAddTrustServerCA intermediate Certificates:

IIS SSL server certificate - console

  • Right click the Intermediate Certification Authorities, select All Tasks, select Import.
  • Complete the import wizard again, but this time locating the PostiveSSLCA Certificate when prompted for the Certificate file.
  • Repeat for the UTNAddTrustServerCA intermediate certificate
Check your progress:
  • Ensure that the UTNAddTrustServerCA certificate appears under Trusted Root Certification Authorities
  • Ensure that the PostiveSSLCA & UTNAddTrustServerCA appears under Intermediate Certification Authorities

Installing your IIS SSL Certificate:

    • Click Start.
    • Select Administrative Tools.
    • Start Internet Services Manager.
    • Click Server Name.
    • From the center menu, double-click the "Server Certificates" button in the "Security" section.

    • Select "Actions" menu (on the right), click on "Complete Certificate Request".

    • This will open the Complete Certificate Request wizard.

    • Enter the location of your IIS SSL certificate (you will need to browse to locate your IIS SSL certificate this file will be the certificate sent to you in a zip file and should be named "yourdomainname.crt").Then enter a friendly name. The friendly name is not part of the certificate itself, but is used by the server administrator to easily distinguish the certificate. Then click Ok.
    Note: There is a known issue in IIS 7 giving the following error: "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." You may also receive a message stating "ASN1 bad tag value met". If this is the same server that you generated the CSR on then, in most cases, the certificate is actually installed. Simply cancel the dialog and press "F5" to refresh the list of server certificates. If the new certificate is now in the list, you can continue with the next step. If it is not in the list, you will need to reissue your certificate using a new CSR (see our CSR creation instructions for IIS 7). After creating a new CSR, login to your Completessl account and click the 'replace' button for your certificate.
    • After the certificate has been successfully installed to the server, you will need to assign that certificate to the appropriate website using IIS.
    • From the "Connections" menu in the main Internet Information Services (IIS) Manager window, select the name of the server to which the certificate was installed.
    • Under "Sites",select the site to be secured with SSL.
    • From the "Actions" menu (on the right), click on "Bindings".

    • This will open the "Site Bindings" window.

    • In the "Site Bindings" window, click "Add". This will open the "Add Site Binding" window.

    • Under "Type" choose https. The IP address should be the IP address of the site or All Unassigned, and the port over which traffic will be secured by SSL is usually 443. The "SSL Certificate"field should specify the certificate that was installed previously.
    • Click "OK".

    • You now have an IIS SSL server certificate installed.

Important: You must now restart the computer to complete the install

You may want to test the Web site to ensure that everything is working correctly. Be sure to use when you test connectivity to the site.


If you get a security message when viewing the site under https, check the certificate path. If the path does not contain the UTN-USERfirst-Hardware and PostiveSSLCA, similar to this:

Then the intermediate certificates are not properly installed, please check the portion of these instructions regarding the installation of the intermediate certificates.

The proper path looks like this in Internet explorer:
OR this in firefox

copyright © 2015, a division of Complete Web Service LLC &
support | products | contact us | Specials | ssl assurance | privacy policy | site map