Skip to main content

Install SSL Certificate on IIS hosted site

Copied from https://www.thesslstore.com

How to Generate a CSR for Microsoft IIS 7

 

The following instructions will guide you through the CSR generation process on Microsoft IIS 7. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below.

1. Open Internet Information Services (IIS) Manager

Click Start, Control Panel, Administrative Tools, and then select Internet Information Services (IIS) Manager.

2. Select the server where you want to generate the certificate

In the left Connections menu, select the server name (host) where you want to generate the request.

3. Navigate to Server Certificates

In the center menu, click the Server Certificates icon under the Security section near the bottom.

MS IIS7 Step3

4. Select Create a New Certificate

In the right Actions menu, click Create Certificate Request.

MS IIS7 Step4

5. Enter your CSR details

In the Distinguished Name Properties window, enter in the required CSR details and then click Next.

Note: To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article.

6. Select a cryptographic service provider and bit length

In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider and Bit Length of 2048, then click Next.

MS IIS7 Step6

Note: Bit Length: 2048 is the current industry standard. You may choose a larger key size, but only if you have a requirement to do so, as longer key lengths increase latency and may reduce compatibility.

7. Save the CSR

Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Finish.

MS IIS7 Step7

8. Generate the order

Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including:

-----BEGIN CERTIFICATE REQUEST-----
And
-----END CERTIFICATE REQUEST-----

MS IIS7 Step8

Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process.

Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles.

After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft IIS 7.

Manually install an SSL certificate on my IIS 7 server

After your certificate request is approved, you can download your certificate from the SSL manager and install it on your IIS 7 server.

Copy your certificate files onto the server

  1. Find the directory on your server where certificate and key files are stored, then upload your intermediate certificate (gd_iis_intermediates.p7b or similar) and primary certificate (.crt file with randomized name) into that folder.

Add a Certificate Snap-in to the Microsoft Management Console (MMC)

  1. Click on your Start Menu, then click Run.
  2. In the prompt, type mmc and click OK.
  3. Click File, then click Add/Remove Snap-in.
  4. On the new window, click the Add button.
  5. On the new window, select Certificates and click Add.
  6. Select Computer account for the snap-in and click Next.
  7. Click Local computer and click Finish.
  8. Click Close on the Add Standalone Snap-in window.
  9. Click OK on the Add/Remove Snap-in window.

Import the Intermediate SSL Certificate

  1. In the MCC Console, click to expand Certificates (Local Computer).
  2. Right click on the Intermediate Certification Authorities folder, hover over All Tasks and click Import.
  3. On the new window, click Next.
  4. Click Browse, find your previously uploaded intermediate certificate file and click Open.
  5. Click Next, verify that the certificate information is proper and click Finish.
  6. Close the the import was successful notification.

Install your SSL certificate

  1. Click on your Start Menu, then click Run.
  2. In the prompt, type inetmgr and click OK to launch the Internet Information Services (IIS) Manager.
  3. Under the Connections panel on the left, click on your Server Name.
  4. In the main panel under the IIS section, double click on Server Certificates.
  5. Under the Actions panel on the right, click Complete Certificate Request.
  6. On the new window, click ... to browse, find your previously uploaded primary certificate file and click Open.
  7. Add a Friendly name to easily identify this certificate in the future.
  8. Click OK.

Bind the SSL certificate

  1. Under the Connections panel on the left, click to expand the Sites folder.
  2. Click the Site Name that you plan to install the SSL certificate onto.
  3. Under the Actions panel on the right, find the Edit Site section and click Bindings.
  4. On the new window, click Add and fill out the following information:
  • Type: select https.
  • IP Address: select All Unassigned.
  • Port: type in 443.
  • Host name: leave this empty.
  • SSL Certificate: select your recently installed SSL.
  • Click OK to confirm, then Close for the Site Bindings window.

Restart IIS

  1. Under the Actions panel on the right, find the Manage Website section and click Restart.
Back to top