How to install a SSL certificate on Microsoft IIS7

After you receive the issued certificate, you can use the Internet Information Services Manager to install the certificate on a Microsoft IIS 7 server. The method described below will work only if the certificate request was generated on the same machine using IIS Manager. Please follow the process described below:

  • After the certificate is issued and sent to you by the Certificate Authority, save it to the accessible location on your server.

You can also download the certificate in your account with us. The downloaded zip file will have a *.p7b file which can be used for the certificate installation on IIS.

  • Open Internet Information Services Manager. For this, go to the Start menu, choose Administrative Tools and select Internet Information Services (IIS) Manager. Otherwise, access it via Win+R > inetmgr > OK.
  • Click on the required server name and go to the ‘Server Certificates’ option in the center menu.

  • Press the ‘Complete Certificate Request’ button in the Actions right-side section.

  • This will run the ‘Complete certificate request’ wizard. Select the certificate file from the Certificate Authority you saved on your machine and give a ‘Friendly name’ to the certificate. Friendly name is not a part of the certificate. It is a local name that you can give to the certificate to distinguish it among the other certificates on the server. After the file is selected and the friendly name is entered, click on OK.

If you are importing the certificate in the PEM-encoded format (the file extension will be *.crt), you may also need to import intermediate and root certificates to the server using Microsoft Management Console. You can use the following guides for COMODO certificates.

The certificates in the PKCS#7 format (*.cer and *.p7b files) do not require additional actions for importing intermediate certificates separately.

Note: There is a chance you may receive an error "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created” or "ASN1 bad tag value met" when importing the certificate.

To fix it, please cancel the dialogue window of the certificate wizard and press F5 to refresh the list of server certificates. You will see that the certificate is imported, but it will not have a Friendly name. You will be able to assign it to the certificate using MMC.

  • The imported certificate is now shown in the list of Server Certificates. Now you will need to assign the certificate to the website.

  • In the Connections left-side menu, select you webserver, expand the ‘Sites’ menu and choose the website you want to assign the certificate to. After that, click on the ‘Bindings’ option in the Actions section.

  • In the Site Bindings window, click Add.

  • In the Add Site Binding window, choose the following parameters:

Type – https;

IP address – All Unassigned, or your IP address;

Port – 443;

SSL certificate – friendly name of the imported certificate.

After all details are selected, click on the OK button.

  • The new binding has been successfully created.

If the site already has https enabled, and if you want to update the SSL certificate, you will need to choose the Edit button in binding for port 443, select a friendly name for the new certificate from the dropdown list and click OK to apply the changes.

The certificate is now installed. If https connection is still not accessible, you may need to restart the website. You can check the certificate installation via