The following article will guide you how to install SSL certificate for Microsoft IIS and configure the server to use it. In the previous article we have explained How to Create SSL Certificate Request for Microsoft IIS.
After following correctly the steps in our previos article SSL Certificate Signing Request for Microsoft IIS you can process with the issuing to Certificate Authority (CA). You can require the certificate requester to complete some form of validation depending on the certificate.
Step 1 – Submit your SSL Certificate Signing Request for Microsoft IIS to the Certificate Authority
In you Internet Explorer browser in you Certificate Authority server open Microsoft Active Directory Certificate Services. (for example: http://192.X.X.X/certsrv where 192.X.X.X is the IP of you Certificate Authority). The link above should be in Trusted Site. The following page will be displayed. Click on Request a certificate:
Create SSL Certificate Request
In the next step click in Advanced Certificate Request:
Advance SSL Certificate Request
In the next step click in Submit a certificate request by using a base-64-encoded CMS or PKCS#10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file:
Submit a SSL Certificate
In the next step you should paste the SSL Certificate Request created in the previous article. Open the SSL Certificate Request using a text editor (such as Notepad), then copy the text (including the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags) and paste it into the form below:
Submit a SSL Certificate Request or Renewal Request
Click Submit and the following page will be displayed:
Certificate Pending
You can view the status of a pending certificate request by going back in the beginning and clicking on View the status of a pending certificate request:
View the status of a pending certificate request
Step 2 – Complete SSL Certificate Request in Certificate Authority
Open you Certification Authority by clicking on Start – Certification Authority. In our case we are submiting the SSL Certificate Request to our own Certificate Authority by using Active Directory Certificate Services. You can read more about Active Directory Certificate Services in these link.
Certification Authority
After that the console of Certification Authority will be displayed. Click on Pending Requests – Right Click on the SSL Certificate Request – All Tasks – Issue:
Certification-Authority
After these step now we can go back in View the status of a pending certificate request – Click on Saved-Request Certificate- Select Base 64 encoded and Download Certificate:
Download SSL Certificate
Step 3- How to install SSL Certificate on Microsoft IIS
Open Internet Information Services (IIS) Manager by clicking on Administrative Tools > Internet Information Services (IIS) Manager. In the left Connections menu, select the Server name (host) where you want SSL Create Certificate Request for Microsoft IIS. Click Server Name and from the center menu, double-click the “Server Certificates” button in the “Security” section. In the Actions menu (right pane), click Complete Certificate Request:
Complete SSL Certificate Request
In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information:
File name containing the certificate authority’s response: Click the … button to locate the .cer file you received from your Certification Authority
Friendly name: Type a friendly name for the certificate. This is not part of the certificate; instead, it is used to identify the certificate.
Click OK to install the certificate.
Complete Certificate Request
Step 4- Configuration to be done after install SSL Certificate on Microsoft IIS
Now that you’ve successfully installed your SSL certificate, you need to configure your site to use it.
- In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed. Then expand Sites and click the site you want to secure using the SSL certificate.
- In the Actions menu (right pane), click Bindings.
In the Site Bindings window, click Add or Edit (if you are doing a renewal of you existing SSL certificate):
Install SSL certificate – Bindings
In the Add Site Binding window, do the following and then click OK.
| Type: | In the drop-down list, select https. |
| IP address: | In the drop-down list, select the IP address of the site or select All Unassigned. |
| Port: | Type 443. (SSL uses port 443 to secure traffic.) |
| SSL certificate: | In the drop-down list, select your new SSL certificate (e.g., yourdomain.com). |
Install SSL certificate – Site Bindings
If you are doing the renewal of you existing SSL certificate, click on Edit and in the drop-down list of SSL Certificate, select your new SSL certificate.
We recommend you to stop and start again the service.
