Copy and Import an SSL Certificate Into an IIS 7 Server

Instructions for Copying a PFX file onto Another IIS 7 Server with the DigiCert Utility

This page explains how to import a PFX file from a server into your IIS 7 server using the DigiCert Certificate Management Utility. If you haven't done so yet, you will need to first export your IIS 7 SSL certificate from the server it is installed onto, then follow the instructions below to import it.

Now that you've backed up your SSL Certificate and Private Key file as a .PFX file you will now need to copy that file to other servers, run the DigiCert utility and import it, then make sure your website in IIS 7 is set up to use the new certificate.

Using the DigiCert Certificate Management Utility for Importing a PFX file to Your IIS 7 Server

1. Download the DigiCert Certificate Management Tool and run it on the IIS 7 server you want to import the certificate to.

2. Click the Import button then browse to the www_domain_com.pfx file and click to the next step.
   
   

3. Enter the Password the PFX file was given and click to the next step.

4. Choose a Friendly Name give the certificate a name that you'll select it by for assigning the certificate to a website and click Finish.
   You will then receive a message that the certificate has been successfully imported.
   
   

Open the Web Site Properties

For IIS 7, SSL certificates are bound to a website by binding the website to a certain IP address and port combination. To configure the site binding for SSL do the following:

1. Open Internet Information Services (IIS) Manager by clicking Start and navigating through Administrative Tools to Internet Information Services (IIS) Manager.
   

2. In the Connections pane on the left expand your 'ServerName' > Sites and select the site or domain you want to bind the SSL certificate to.

3. Open the Site Bindings window by clicking below 'Edit Site...' onto Bindings.
   
   

4. If the Server already has an SSL certificate assigned to this website on it (e.g. you are replacing an expiring certificate) then you will need to:
   
   Click the Add... button to open the "Add Site Binding" window.
   
   
   
   Otherwise, you'll need to select the https binding for the site, and click the Edit... button to open the "Edit Site Binding" window.
   
   

5. On the 'Add/Edit Site Binding' screen enter the following information:
   
   Type: https.
   IP address: All Unassigned (if your server has multiple IP addresses, select the one that applies).
   Port: 443 (unless for some reason you're using a non-standard port for SSL traffic, if so enter that number).
   SSL Certificate: Select the newly imported certificate by its Friendly Name.
   
   
   
   

Your SSL certificate is now copied and installed to your IIS 7 server. Repeat the above steps for as many servers as you need the SSL Certificate installed onto

Troubleshooting

If you run into any certificate errors, try Repairing Certificate Trust Errors using DigiCert's Utility. If this doesn't fix the errors please, use the contact information from the Utility to reach support.