Use the DigiCert Certificate Utility to Install Your SSL Certificate on Your Server

After DigiCert has validated your order and has issued the SSL certificate, you can use the DigiCert® Certificate Utility for Windows to install the certificate file to your Microsoft server.

If you have not yet created a CSR and need a simple way to create it, see the CSR Creation Instructions for Microsoft Servers.

How to Import an SSL Certificate to Your Microsoft Server

  1. On the Windows server or workstation where you created the CSR, open the ZIP file containing your SSL certificate and save the contents of the file (i.e. your_domain_com.cer) to the folder where you saved the DigiCert Certificate Utility executable (DigiCertUtil.exe).

  2. Run the DigiCert® Certificate Utility for Windows (double-click DigiCertUtil).

  3. In DigiCert Certificate Utility for Windows©, click SSL (gold lock)and then, click Import.

    Import an SSL certificate

  4. In the Certificate Import wizard, click Browse to browse to the .cer certificate file (i.e. your_domain_com.cer) that DigiCert sent you, select the file, click Open, and then, click Next.

    Certificate Import wizard

  5. In the Enter a new friendly name or you can accept the default box, type a friendly name for the certificate.

    Note:    The friendly name is not part of the certificate; instead, it is used to identify the certificate.

    We recommend that you add DigiCert and the expiration date to the end of your friendly name, for example: yoursite-digicert-(expiration date). This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.

    Certificate Import wizard

  6. To import the SSL certificate to your server, click Finish.

    You should receive a message that the certificate was successfully imported. You should now see your SSL certificate in the DigiCert Certificate Utility for Windows©, under SSL certificates.

    Note: If you get the Private Key Missing error, see Troubleshooting.

    Import an SSL certificate

  7. You must now configure your Microsoft server to use this SSL certificate.

 

Assign & Configure Server Software to Use the SSL Certificate

After you have imported the SSL certificate, you need to configure your Microsoft server to use it to secure your website or email connections. Follow the instructions for your specific server platform.

IIS 10 Exchange 2016 Office 365
IIS 8/8.5 Exchange 2013 SharePoint 2013
IIS 7 Exchange 2010 SharePoint 2010
IIS 5/6 Exchange 2007
Exchange 2003

Export an SSL Certificate

If you need to export an installed SSL certificate from a Microsoft server type with its corresponding private key as a .pfx file to use either as a backup or for importing to another server, see DigiCert SSL Cert Util SSL Import/Export Instructions.

Test Your Installation

To verify that the installation is correct, use our DigiCert® SSL Installation Diagnostics Tool and enter the DNS name of the site that you are securing to test your SSL certificate (i.e. www.yourdomain.com, or mail.yourdomain.com).

Troubleshooting

Private Key Missing Error

If the utility cannot find the private key associated with the public key included with the certificate, you receive the "Private Key Missing" error, which will prevent you from successfully importing the certificate and exporting it as a .pfx file. To remedy the problem, you need to figure out why you are receiving the error and then take the appropriate action.

  1. Private Key on Different Machine

    Most of the time, you get this error because the private key is on a different machine than the one you are importing the certificate to. For example, if you created the CSR for the certificate on a different machine than the one you are importing the certificate to, our certificate utility will be unable to find the private key associated with the public key in the certificate.

    To fix this problem, you need to locate the machine where you created the CSR and import the certificate to it. Then, you will be able to export the certificate as a .pfx file, if needed.

    Important: If you've lost the private key, you need to create a new CSR and reissue/rekey the certificate.

  2. Wrong Certificate

    Sometimes, you have the right private key, but accidentally downloaded the wrong certificate. Often this happens when you have created multiple duplicate certificates.

    To fix this problem, you need to download the correct certificate and import it to your machine. Then, you will be able to export the certificate as a .pfx file if needed.