Feature RequestsCurrent StatusTools WebsiteSubmit Ticket

Install and Configure Your SSL Certificate in IIS 8 or IIS 8.5 on Windows Server 2012

Suggest Edits

(Single Certificate) How to install your SSL certificate and configure the server to use it

Install SSL Certificate

  1. On the server where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that you received.
  2. From the Start screen, find Internet Information Services (IIS) Manager and open it.
  3. In the Connections pane, locate and click the server.
  4. In the server Home page (center pane) under the IIS section, double-click Server Certificates.
875
  1. In the Actions menu (right pane), click Complete Certificate Request.
875

  1. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information:

    • File name containing the certificate authority's response: Click the … box and browse to and select the .cer file (e.g., your_domain_com.cer) that the certificate authority sent to you.
    • Friendly name: Type a friendly name for the certificate. The friendly name is not part of the certificate; instead, it is used to identify the certificate. Note:We recommend that you add certificate authority's name and the expiration date to the end of your friendly name, for example: yoursite-authority-(expiration date). This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.
    • Select a certificate store for the new certificate: In the drop-down list, select Personal.
687
  1. Click OK to install the certificate.
  2. Now that you've successfully installed your SSL certificate, you need to configure your site to use it.

Assign SSL Certificate

  1. In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed.
  2. Then expand Sites and click the site you want to secure using the SSL certificate.
  3. In the Actions menu (right pane), click Bindings.
875
  1. In the Site Bindings window, click Add.
658

  1. In the Add Site Binding window, do the following and then click OK.

    • Type: In the drop-down list, select https.
    • IP address: In the drop-down list, select the IP address of the site or select All Unassigned.
    • Port: Type 443. (SSL uses port 443 to secure traffic.)
    • SSL certificate: In the drop-down list, select your new SSL certificate (e.g., yourdomain.com).
541
  1. Your SSL certificate is now installed, and the website is configured to accept secure connections.
660

(Multiple Certificates) How to install your SSL certificates and configure the server to use them using SNI

Install First SSL Certificate

Do this first set of instructions only once (for the first SSL certificate).

  1. On the server where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that you received from the CA.
  2. From the Start screen, find Internet Information Services (IIS) Manager and open it.
  3. In the Connections pane, locate and click the server.
  4. In the server Home page (center pane) under the IIS section, double-click Server Certificates.
875
  1. In the Actions menu (right pane), click Complete Certificate Request.
875

  1. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information

    • File name containing the certificate authority's response: Click the … button to locate the .cer file you received from the CA (e.g., your_domain_com.cer).
    • Friendly name: Type a friendly name for the certificate. The friendly name is not part of the certificate; instead, it is used to identify the certificate. We recommend that you add certificate authority's name and the expiration date to the end of your friendly name, for example: yoursite-authority-(expiration date). This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.
    • Select a certificate store for the new certificate: In the drop-down list, select Web Hosting.
687
  1. Click OK to install the certificate.

Note: There is a known issue in IIS 8 where clicking OK throws a Failed to remove the certificate error. If this is the same server that you generated the CSR on, the error can usually be ignored. Simply click OK and press F5 to refresh the list of server certificates. If the new certificate appears in the list, then it was installed successfully; however, you may want to make sure the certificate is also in the Web Hosting certificate store.

If the certificate does not appear on the list after refreshing, you will need to reissue your certificate using a new CSR (see Create Your CSR in IIS 8 or IIS 8.5 on Windows Server 2012). After creating a new CSR, you will need to re-key your certificate.

  1. Now that you've successfully installed your SSL certificate, you need to configure your site to use it.
  2. In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed. Then expand Sites and click the site you want to secure using the SSL certificate.
  3. In the Actions menu (right pane), click Bindings.
875
  1. In the Site Bindings window, click Add.
658

  1. In the Add Site Binding window, do the following and then click OK.

    • Type: In the drop-down list, select https.
    • IP address: In the drop-down list, select the IP address of the site or select All Unassigned.
    • Port: Type 443. (SSL uses port 443 to secure traffic.)
    • SSL certificate: In the drop-down list, select the SSL certificate you installed in Step 7 (e.g., yourdomain.com).
541
  1. Your first SSL certificate is now installed, and the website is configured to accept secure connections.
660

Install Additional SSL Certificates

To install and assign each additional SSL certificate, repeat the steps below (as needed).

  1. On the server where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that you received from CA.
  2. From the Start screen, find Internet Information Services (IIS) Manager and open it.
  3. In the Connections pane, locate and click the server.
  4. In the server Home page (center pane) under the IIS section, double-click Server Certificates.
875
  1. In the Actions menu (right pane), click Complete Certificate Request.
875

  1. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information:

    • File name containing the certificate authority's response: Click the … button to locate the .cer file you received from the CA (e.g., your_domain_com.cer).
    • Friendly name: Type a friendly name for the certificate. This is not part of the certificate; instead, it is used to identify the certificate. Note: We recommend that you add the issuing CA and the expiration date to the end of your friendly name; for example, yoursite-authority-(expiration date). Doing this helps identify the issuer and expiration date for each certificate and also helps distinguish multiple certificates with the same domain name.
    • Select a certificate store for the new certificate: In the drop-down list, select Web Hosting.
687
  1. Click OK to install the certificate.
  2. Now that you've successfully installed your SSL certificate, you need to configure your site to use it.
  3. In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed. Then expand Sites and click the site you want to secure using the SSL certificate.
  4. In the Actions menu (right pane), click Bindings.
875
  1. In the Site Bindings window, click Add.
658

  1. In the Add Site Binding window, do the following and then click OK.

    • Type: In the drop-down list, select https.
    • IP address: In the drop-down list, select the IP address of the site or select All Unassigned.
    • Port: Type 443. (SSL uses port 443 to secure traffic.)
    • Host name: Type the host name that you want to secure.
    • Require server name indication: Select this checkbox after you enter the host name. Note: This option is required for any additional certificates/sites after installing the first certificate on the primary site.
    • SSL certificate: In the drop-down list, select the SSL certificate you installed in Step 7 (e.g., yourdomain.com).
541
  1. You have successfully installed another SSL certificate and configured the website to accept secure connections.

Updated about 3 years ago