IIS SSL

Importing and Configuring the Copy of Your SSL Certificate on Your IIS 8 Server

Before you can import the copy of your SSL Certificate to your IIS 8 server, you must first export the SSL Certificate and Private Key as a .pfx file from the server on which the certificate is installed. See DigiCert Certificate Utility SSL Certificate Export Instructions.

To import and configure the copy of your SSL Certificate, do the following:

After you export your SSL Certificate and Private Key file as a .pfx file, you can copy (import) that file to other servers and then configure your websites to use the certificate.

  1. Import the .pfx file to your IIS 8 server using the DigiCert Certificate Utility.

    How to Use the DigiCert Certificate Utility to Import a .pfx File to Your IIS 8 Server

  2. Configure your website to use the SSL Certificate using IIS 8.

    How to Use IIS 8 to Assign the Certificate to the Your Website

 

1. How to Use the DigiCert Certificate Utility to Import a .pfx File to Your IIS 8 Server

  1. On your IIS 8 server to which you want to import your certificate, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).

  2. Run the DigiCert® Certificate Utility for Windows.

    Double-click DigiCertUtil.

  3. In DigiCert Certificate Utility for Windows©, click SSL (gold lock) and then, click Import.

    DigiCert Utility Import Me

  4. In the Certificate Import wizard, click Browse to browse to the .pfx certificate file (i.e. your_domain_com.pfx), select the file, and click Open, and then, click Next.

    DigiCert Utility Import Me

  5. In the Password box, enter the password for the .pfx file and then click Next.

    DigiCert Utility Import Me

  6. In the Enter a new friendly name or you can accept the default box, type a friendly name for the certificate.

    Note:    The friendly name is not part of the certificate; instead, it is used to identify the certificate.

    We recommend that you add DigiCert and the expiration date to the end of your friendly name, for example: yoursite-digicert-(expiration date). This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.

    Give SSL Cert a Friendly Name

  7. Click Finish to import the SSL Certificate (.pfx file) to your IIS 8 server.

    You should receive a message that the certificate was successfully imported. You should now see your SSL Certificate in the DigiCert Certificate Utility for Windows©, under SSL Certificates.

  8. Now, you can configure your IIS 8 server to use this SSL Certificate.

 

2. How to Use IIS 8 to Assign the Certificate to the Your Website

In IIS 8, SSL Certificates are assigned to a website by binding the website to a specific IP address and port combination.

 

Adding Site Bindings (Website Does Not Have Binding for HTTPS)

  1. Open Internet Information Services (IIS) Manager.

  2. In Internet Information Services (IIS) Manager, under Connections, expand your server’s name, expand Sites, and then click the site or domain to which you want to bind the SSL Certificate.

    Internet Information Services (IIS) Manager

  3. In the Actions menu, under Edit Site, click Bindings.

  4. In the Site Bindings window, click Add.

    Site Bindings

  5. In the Add Site Binding window, enter the following information:

    Type In the drop-down list, select https.
     
    IP address In the drop-down list, select All Unassigned.
     
    Port Enter 443. The port for SSL traffic is usually port 443.
     
    SSL certificate In the drop-down list, select the recently imported SSL Certificate by its friendly name.

    Add Site Bindings

  6. Click OK.

    Your SSL Certificate should now be copied to and installed on your IIS 8 server.

 

Editing Site Bindings (Website Has Binding for HTTPS)

  1. Open Internet Information Services (IIS) Manager.

  2. In Internet Information Services (IIS) Manager, under Connections, expand your server’s name, expand Sites, and then click the site that you want to secure (usually the default website).

    Internet Information Services (IIS) Manager

  3. In the Actions menu, under Edit Site, click Bindings.

  4. In the Site Bindings window, select bindings for https and then, click Edit.

    Site Bindings

  5. In the Edit Site Binding window, enter the following information:

    IP address In the drop-down list, select All Unassigned. If your server has multiple IP addresses, select the one that applies.
     
    Host name If you are using Server Name Indication, enter the hostname that you are securing.
     
    Require Server Name Indication If you are using Server Name Indication, check this check box.
     
    SSL certificate In the drop-down list, select the recently imported SSL Certificate by its friendly name.

    Edit Site Bindings

  6. Click OK.

    Your SSL Certificate should now be copied to and installed on your IIS 8 server.

Test Your Installation

To verify that the installation is correct, use our DigiCert® SSL Installation Diagnostics Tool and enter the DNS name of the site (i.e. www.yourdomain.com, or mail.yourdomain.com) that you are securing to test your SSL Certificate.

Troubleshooting

If you run into certificate errors, try repairing your certificate trust errors using DigiCert® Certificate Utility for Windows. If this does not fix the errors contact support.