Support Desk

Install SSL Certificate Microsoft IIS 10

Download and unzip your certificate files

Download and unzip your certificate files by clicking on the download link in your fulfillment email or from your GeoCerts SSL Manager account. You will find one .cer file that contains your domain SSL server certificate and any required intermediate CA certificates in PKCS#7 (P7B) format. Copy the file and save it on the same server you used to create the CSR.

  • your_domain_com.cer

Install the PKCS#7 SSL Server Certificate File

  1. Open the Internet Information Services (IIS) Manager. From the Start screen, click or search for Internet Information Services (IIS) Manager and open it.
  2. IIn the IIS Manager, select the server node on the top left under Connections.
  3. Click on the server name.
  4. From the center menu, double-click the Server Certificates button in the IIS section (it is in the middle of the menu).

  5. From the Actions pane on the top right, select Complete Certificate Request.

  6. Browse to your_domain_name.cer file that was downloaded. You will then be required to enter a friendly name. The friendly name is not part of the certificate itself, but is used by the server administrator to easily distinguish the certificate. Choose to place the new certificate in the Personal certificate store.

  7. Click OK to install the certificate.

    BUG ALERT!: There is a known issue in IIS  giving the following error: Failed to remove the certificate If this is the same server that you generated the CSR on then, in most cases, the certificate is actually installed. Simply cancel the dialog and press F5 to refresh the list of server certificates. If the new certificate is now in the list, then it did install to the server. If it is not in the list, you will need to reissue your certificate using a new CSR.
  8. Once the SSL Certificate has been successfully installed to the server, you will need to assign that certificate to the appropriate website using IIS.
  9. From the Connections menu in the main Internet Information Services (IIS) Manager window, select the name of the server to which the certificate was installed.
  10. Under Sites select the site to be secured with SSL.
  11. From the Actions menu (on the right), click on Bindings... This will open the Site Bindings window.

  12. In the Site Bindings window, click Add... This will open the Add Site Binding window.

     

  13. Under Type choose https. The IP address should be the IP address of the site or All Unassigned, and the port over which traffic will be secured by SSL is usually 443. The SSL Certificate field should specify the certificate that was installed in step 7. If you currently have the site secured you will see the HTTPS type listed on the Site Bindings window. In this case you will select the type HTTPS and click the Edit... button.
  14. In either the Add Site Binding or Edit Site Binding window you will select the new certificate in the drop down box listing SSL Certificates. If you are adding a new binding the you will also choose the Type: HTTPS, the IP address: All Unassigned and the Port:443.
  15. You will click OK then Close the Site Bindings Window.
  16. If your certificate contains multiple Site Names (SANS), then you will need complete the Bindings Section again for each site.

Verify Installation

  • To verify if your certificate is installed correctly, use our Certificate Installation Checker.
  • Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.
  • Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

Additional Resources