IIS 7 SSL Certificate Installation


New: IIS 7 installation video walkthrough

After DigiCert issues your SSL Certificate, you first need to install the certificate on the server from which you generated the certificate signing request (CSR). Then, you can assign or bind the certificate to the appropriate website.


Using IIS 7 to Install the SSL Certificate

    1. Open the ZIP file that contains your SSL Certificate and save the SSL Certificate file (your_domain_name.cer) to the desktop of the web server that you are securing.
    2. Open Internet Information Services (IIS) Manager.

      In the Windows Start menu, click Administrative Tools > Internet Information Services (IIS) Manager.

    3. In Internet Information Services (IIS) Manager, under Connections, select your server’s Hostname.

    4. In the center menu, in the IIS section, double-click the Server Certificates icon.
    5. In the Actions menu, click Complete Certificate Request to open the Complete Request Certificate wizard.

    6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, under File name containing the certification authority’s response, click  to browse to the .cer certificate file that DigiCert sent you, select the file, and then, click Open.

    7. Next, in the Friendly name box, enter a friendly name for the certificate. The friendly name is not part of the certificate; instead, it is used to identify the certificate.

      We recommend that you add DigiCert and the expiration date to the end of your friendly name, for example: yoursite-DigiCert-expirationDate. This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.

    8. To install the SSL Certificate to the server, click OK.

      Known Issue in IIS 7:

      There is a known issue in IIS 7 where the following error message is displayed: “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created.” You may also receive a message stating: “ASN1 bad tag value met”.


      If this is the server where you generated the CSR, in most cases, the certificate is actually installed. Simply close Internet Information Services (IIS) Manager and reopen it to refresh the list of server certificates. The new certificate should now be in the list, and you can continue with the next step.

      If the new certificate is not in the list, you need to one of the following things:

    9. Once you have successfully installed the SSL Certificate to the server, you still need use IIS 7 to assign or bind that certificate to the appropriate website.

Using IIS 7 to Assign or Bind the Certificate to the Your Website

  1. In Internet Information Services (IIS) Manager, under Connections, expand your server’s name, expand Sites, and then, select the site that you want to secure with your SSL Certificate.

  2. In the Actions menu, under Edit Site, click Bindings.
  3. In the Site Binding window, click Add.

  4. In the Add Site Bindings window, enter the following information and then, click OK:
    Type: In the drop-down list, select https.
    IP address: In the drop-down list, select All unassigned.
    If your server has multiple IP addresses, select the one that applies.
    Port: Enter 443, unless you are using a non-standard port for SSL traffic.
    SSL certificate: In the drop-down list, select the friendly name of the certificate that you just installed.

  5. Your SSL certificate is now installed, and your website is configured to accept secure connections.

IIS SSL Certificates, Guides, & Tutorials


Additional Information


  1. If your web site is publicly accessible, our SSL Cert Tester tool can help you diagnose common problems.
  2. Open a web browser and visit your site using https. It is best to test with both Internet Explorer as well as Firefox, because Firefox will give you a warning if your intermediate certificate is not installed. You should not receive any browser warnings or errors. If you immediately receive a browser message about the site not being available, then IIS 7 may not yet be listening on port 443. If your web request takes a very long time, and then times out, a firewall blocking traffic on TCP port 443 to the web server.
  3. Note for ISA servers: If your ISA 2004 or 2006 server is not sending the intermediate certificate, you need to fully reboot the server. We have confirmed this to be true with many customers: ISA server will not properly send the intermedate certificate chain until after a full reboot.

SSL Certificates :: Microsoft Internet Information Server 7

Cómo IIS 7 instalar certificado SSL.

How to install your SSL Digital Certificate to Windows Server 2008.