Installing SSL Certificate TopicsInstallation of an SSL on Certificate Microsoft® IIS 7.x
Installing a certificate on Microsoft® IIS 7.x
You will have received your certificate file from us, usually named 'your_domain_com.cer'. Alternatively, you may have received it as several files: 'your_domain_com.crt' and intermediate certificates UTNAddTrustServer_CA.crt and NetworkSolutions_CA.crt. The root certificate AddTrustExternalCARoot.crt may also be provided.
Copy the file(s) you received to the server.
- Click the 'Start' menu. Select 'Administrative Tools', then 'Internet Information Services (IIS) Manager'.
- Click the server name.
- In the menu, click the 'Server Certificates' button in the 'Security' section.
- On the right-hand-side, click the Complete Certificate Request...' Action. This will begin the Request Certificate Wizard.
- The wizard will prompt for the certificate. Enter the certificate path and filename (this can have a .cer or .crt extension), and enter a 'Friendly Name'. This is simply a name for the certificate for your own reference. We advise you to use the domain name of the certificate.
Click 'OK', and the certificate will be installed.
Note: Due to a bug in IIS 7, you may receive an error message at this point:
"Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created.", or an error referring to a "Bad ASN1 tag.".
As long as you generated the CSR on this server, you can simply click 'OK' to the error message, and refresh the certificate list in IIS 7. In most cases, the certificate will actually be correctly installed.
- Now the certificate is installed, IIS 7 requires that bindings be added to the site requiring the certificate.
Select the website from the left-hand side, and on the right-hand menu, click 'Bindings...'.
- In the 'Site Bindings' pop-up, click the 'Add' button.
- Change the 'Type' setting to 'https'. Select the site's IP address (or leave to 'All Unassigned' if this is the only site with an SSL certificate on this server). Leave the 'Port' at 443 unless you know you can change it. From the 'SSL certificate' drop-down menu, choose the name of the certificate you just installed. The 'View' button can be used to confirm which certificate you have chosen.
Finally click 'OK' to add the binding, and click 'Close' in the 'Site Bindings' window.
- The certificate is now installed on the site.
Installing Root and Intermediate Certificate installation via MMC
1. Open up the Microsoft Management Console (MMC)
Start -> Run -> Type "mmc" (without quotes) and Click 'OK' or hit Enter on your keyboard.
2. Open 'Add/Remove Snap-in' Window
File -> Add/Remove Snap-in
3. Add the Certificates Snap-in
Click 'Add' then double-click 'Certificates'
4. Select 'Computer Account' and click 'Next'
Note: This step is very important. It must be the 'Computer Account' and no other account
5. Select 'Local Computer' and click 'Finish'
6. Close the 'Add Standalone Snap-in' window and click 'OK' in the 'Add/Remove Snap-in' Window.
7. Will now be returned to the MMC.
Install/Import the Root and Intermediates Certificate
1. Expand the Certificates section by clicking on the plus (+) sign and turn it to a minus (-) sign to expose the 'Certificates' tree.
2. Import the Root Certificate
Right-click on 'Trusted Root Certification Authorities', select 'All Tasks', then select 'Import'.
Locate the Root Certificate and click Next.
When the wizard is completed, click Finish.
3. Import Intermediate(s)
The process is the exact same except the area of interest is 'Intermediate Certification Authorities' instead of 'Trust Root Certificate Authorities' and the file(s) that are to be imported are the remaining files outside of your domain certificate.
4. Restart Website through IIS.
Note: If you're page is still showing certificate errors, one may have to stop and start the website or even the IIS Service itself. If this fails one may have to restart the server itself. Do keep in mind that rebooting the server is to be used as a last resort. Please contact support if you require further assistance.