Installing an SSL certificate on a Microsoft IIS
Installing a certificate on a Microsoft IIS web server requires certificate files and its key.
For example, consider installing a Sectigo SSL certificate.
We have 4 certificate files and the certificate key itself:
- domain_name.key - The private key of the certificate, which is generated by creating a Certificate Signing Request (CSR)
- domain_name.crt - SSL domain certificate
- AAACertificateServices.crt - root certificate
- SectigoRSADomainValidationSecureServerCA.crt - intermediate certificate
- USERTrustRSAAAACA.crt - intermediate certificate
Combine the root and intermediate certificates:
If you get an error like:
then check the domain_name.key file to make sure it contains entries:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
During the conversion, specify the password for the certificate, you will need it during the installation of the certificate in Windows.
Now the file domain_name.pfx, can be loaded into Windows. To do this perform:
- Press "Start" and select "Run".
- At "Run" enter "MMC" and press "OK". MMC will open.
- Click on the File window and select "Add / Remove Snap-In".
- Find "Certificates" and press "Add".
- Select "Computer Account" and press "Next".
- Select "Local Computer" and press "Finish".
- Click "OK" to close the "Add / Remove Snap-In" window.
- Double click on "Certificates (Local Computer)" in the center of the window.
- Right click on the "Personal" folder.
- Select "All tasks" and click on "Import".
- Follow "Certificate Import Wizard" to import the "Primary Certificate" from .PFX file.
- Select the .PFX and enter the password we had set during the converted certificate.
- When prompted, select "Automatically select the certificate store based on the type of certificate".
- Click "Finish" to close the Certificate Import Wizard.
Next, you need to bind the certificate to the domain itself:
Open IIS and select the desired site and select "Bindings":
In the Type field, select https, in the SSL certificate field, the certificate you added earlier.
Press OK, then 443 port should be added