- SSL.com Support Team
- February 12, 2020
- Certificate Installation, IIS, SSL/TLS, Windows
Note: Before you install a certificate, you will first need to generate a certificate signing request (CSR) and submit it to SSL.com for validation and signing. Please refer to our how-to on CSR generation in IIS 10 and guide to submitting a CSR. Note that you can also order and install SSL/TLS certificates with SSL Manager, SSL.com’s free tool for Windows certificate management.
Time needed:30 minutes
This how-to will walk you through downloading and installing an SSL/TLS certificate from SSL.com in IIS. These procedures were tested on Windows 10 in IIS 10, but will also work in IIS 7.x and 8.x.
- Locate certificate order.
First, locate the order in your SSL.com account and click one of the download links.
- Download certificate.
Next, click the download link to the right of Microsoft IIS (*.p7b) in the certificate downloads table.
- Start IIS Manager.
Start IIS Manager. One quick way to do this is by opening the Run command, then typing
inetmgr
and clicking the OK button. - Select server.
Select the server in the Connections pane, on the left side of the window.
- Open Server Certificates.
Double-click the Server Certificates icon, located under IIS in the center pane of the window.
- Click “Complete Certificate Request…”
Click Complete Certificate Request… in the Actions pane, on the right side of the window.
- Click … button.
The Complete Certificate Request wizard will appear. First, click the button labeled “…” to open the file open dialog box.
- Navigate to certificate file.
Navigate to the
.p7b
file you downloaded from SSL.com. Note that you will have to change the drop-down menu to the right of the File name field from*.cer
to*.*
to see the file. - Open file.
Click the Open button.
- Create a friendly name.
Next, enter a memorable name for the certificate in the Friendly name field (here we are simply entering the certificate’s common name).
- Click OK.
Click the OK button.
- Finished!
The certificate is installed! The next step is to bind the certificate to a particular website, port, and/or IP address. Please read our how-to on binding in IIS for complete instructions.
If you received an error message about the private key/certificate request being missing, then try the following from a Command Prompt opened as Administrator (substitute “serial number” with your certificate’s actual serial number, in quotes, including spaces):
certutil -repairstore my "serial number"
Detailed instructions are available here.
Next Steps
For information on binding your certificate in IIS 10, read here.
Thank you for choosing SSL.com! If you have any questions, please contact us by email at [email protected], call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.
Related How Tos
Subscribe to SSL.com’s Newsletter
What is SSL/TLS?
Play Video
Subscribe To SSL.com’s Newsletter
Don’t miss new articles and updates from SSL.com