How do I install an SSL Certificate into Microsoft IIS 10? (2024)

Table of Contents
Part I - Installing the Root Certificate Part II - Installing the Intermediate (chaining) Certificate Part III - Installing the Certificate OCSP Stapling Support

Solution

This tutorial will be given in 3 parts. All parts must be completed, but you may find that either Part I and/or Part II may already be completed depending on your security settings and the version of your Windows Server. If the certificate installation is a renewal of an already existing QuoVadis certificate, you may not need to do Parts I and II as you should already have installed the certificates previously. The intermediate files (Part II) must also be installed to ensure that some browsers do not show a certificate error.

Part I - Installing the Root Certificate

Generally, your Windows Server should have the QuoVadis Root certificates installed, however there have been cases where they have not been. When you install the SSL certificate, if the root certificate is not present, the system will prompt you to trust it, which will also install it.

First you must open the Microsoft Management Console.

See Also
CSR Creation & SSL Certificate Installation

  1. Click on Start and then type MMC. This should display "mmc - Run command" as the best match. Click on it to open the Microsoft Management Console.

  2. The Console1 window will appear.

  3. Click on File at the top and then select Add/Remove Snap-in... Alternatively, you can press Ctrl + M.

  4. In the Add/Remove Snap-in window, click on the Add... button at the bottom. This will open a third window named Add Standalone Snap-in.

  5. Scroll down in the Add Standalone Snap-in window and find the Certificates component. Once found, highlight it and click on the Add button at the bottom. Alternatively, you can double-click on Certificates.

  6. In a new window, you will be given 3 options for which account you want the certificates snap-in to manage.

  7. Select the Computer account radio button and click on the Next button.

  8. At the next screen, click on the Finish button.

  9. Click on the ">" sign next to Certificates (Local Computer) to expand it (if it isn't already expanded).

  10. Locate and expand the Trusted Root Certification Authorities store and the click on the Certificates folder underneath it.

  11. In the right hand pane, you should see a list of certificates.Click on any certificate that you see and press the letter "Q" on your keyboard to fast-track to the QuoVadis root certificates. Verify that you have the correct Root CA certificate in this list of certificates in the right hand pane. The correct certificate is shown and available for download within the certificate download page within Trust/Link. If this certificate is in the Trusted RootCertification Authorities store, then you can skip to Part II​ to check for the Intermediate Certificate. If this certificate is not installed, then the next steps will guide you through the process of installing this file.

  12. Place the certificate in a directory where it can be accessed by the server.

  13. Right-click on the Certificates folder underneath the Trusted Root Certification Authorities folder and in the drop-down menu, select All Tasks and then click on Import.

  14. The Certificate Import Wizard will appear. At the welcome screen, click on the Next button.

  15. You must specify the file to import. Click on the Browse... button and find and select the Root CA certificate. Once selected, it should appear in the File name: field. Click on the Next button.

  16. On the next screen, the option for Place all certificates in the following store should be selected by default and in the Certificate store: field should be Trusted Root Certification Authorities. Click on the Next button.

  17. At the summary screen, click on the Finish button.

  18. You should get a message that reads, "The import was successful."

Part II - Installing the Intermediate (chaining) Certificate

Part II explains how to install the intermediate files that are required. QuoVadis uses an intermediate certificate that must be installed on the server to prevent errors in certain browsers. You may want to go through these steps and if the intermediate certificate is not installed, then please obtain it and follow through with the rest of Part II. Part II assumes that you currently have the Microsoft Management Console open. If you do not, you can find the instructions in Part I of this guide, steps 1-8.

  1. Click on the ">" sign next to Certificates (Local Computer) to expand it.

  2. Locate and expand the Intermediate Certification Authorities store and then click on the Certificates folder underneath it.

  3. In the right hand pane, you should see a list of certificates. Verify that you have the correct Intermediate CA certificate (Chain) in this list of certificate in the right hand pane. The correct certificate is shown and available for download within the certificate download page within Trust/Link. If this certificate is in the Intermediate Certification Authorities store, then you can skip to Part III. If you do not, then the next steps will guide you through the process of installing this file.

  4. Place the certificate in a directory where it can be accessed by the server.

  5. Right-click on the Certificates folder underneath the Intermediate Certification Authorities folder and in the drop-down menu, select All Tasks and then click on Import.

  6. The Certificate Import Wizard will appear. At the welcome screen, click on the Next button.

  7. You must specify the file to import. Click on the Browse... button and find and select theIntermediate CA(Chain)certificate. Once selected, it should appear in the File name: field. Click on the Next button.

  8. On the next screen, the option for Place all certificates in the following store should be selected by default and in the Certificate store: field should be Intermediate Certification Authorities. Click on the Next button.

  9. At the summary screen, click on the Finish button.

  10. You should get a message that reads, "The import was successful."

Part III - Installing the Certificate

Part III explains how to install the SSL certificate and bind (assign) it to a website.

  1. Click on Start. Go to Administrative Tools and then click on Internet Information Services (IIS) Manager.

  2. Click on the name of the server in the left Connections pane. This should be the same server that you previously created a CSR for.

  3. In the middle pane, double-click on Server Certificates icon.

  4. In the right Actions pane, click on Complete Certificate Request...

  5. In the Complete Certificate Request window that appears, click on the ellipses (...) button and navigate to the server certificate you received from QuoVadis.

    Note: Trust/Link by default supplies its certificates in PEM format with the file extension *.crt. When you browse for a certificate, IIS initially looks for a file with the *.cer extension. You will need to specify *.* in the drop-downin order to selectyour *.crt file. Alternatively, you could also renameyour certificate file extension to *.cer.


  6. Type in a name for this certificate in the Friendly name: field.

    Note: The friendly name is a name given to the certificate which is used to help differentiate between certificates.


  7. Select Personal from the drop-down list and then click on the OK button.

    You should see your newly installed certificate in a list.


  8. Go back into the left Connections pane and expand the Sites folder and select the website that you want to bind (install) the SSL certificate to.

  9. Once the Web Site is selected, click on the Bindings... link in the right Actions pane.

  10. The Site Bindings window appears. Click on the Add... button.

  11. In the Add Site Binding window, change the Type: field to "https" by selecting it from the drop-down menu.

  12. In the SSL certificate: field, select the friendly name of the certificate that you installed. Once you have selected this, click on the OK button.

  13. Note: In most cases, the IP Address: field will be kept to All Unassigned unless the website has a specific IP Address it needs to be assigned too.

  14. Back in the previous Site Bindings window, you should see the binding for port 443 in the list. Click on the Close button once completed.

OCSP Stapling Support

Although optional, it is highly recommended to enable OCSP Stapling which will improve the SSL handshake speed of your website.

Windows Server 2016 automatically utilizes OCSP Stapling by default. No additional configuration is required.

You can read up on more on OCSP Stapling at https://support.quovadisglobal.com/KB/a415/what-is-ocsp-stapling.aspx.

How do I install an SSL Certificate into Microsoft IIS 10? (2024)
Top Articles
The failure of a love marriage - The Sunday Guardian Live
The Psychological Impact of Scams | Feedzai
Craigslist Myrtle Beach Motorcycles For Sale By Owner
Restaurer Triple Vitrage
Faint Citrine Lost Ark
80 For Brady Showtimes Near Marcus Point Cinema
Comforting Nectar Bee Swarm
David Packouz Girlfriend
Tugboat Information
State Of Illinois Comptroller Salary Database
Aita Autism
Tcu Jaggaer
Thayer Rasmussen Cause Of Death
Voyeuragency
Watch TV shows online - JustWatch
Magic Mike's Last Dance Showtimes Near Marcus Cedar Creek Cinema
Video shows two planes collide while taxiing at airport | CNN
List of all the Castle's Secret Stars - Super Mario 64 Guide - IGN
H12 Weidian
Ge-Tracker Bond
Project, Time & Expense Tracking Software for Business
Seeking Arrangements Boston
Aliciabibs
Elite Dangerous How To Scan Nav Beacon
Jayme's Upscale Resale Abilene Photos
Expression Home XP-452 | Grand public | Imprimantes jet d'encre | Imprimantes | Produits | Epson France
2004 Honda Odyssey Firing Order
Tomb Of The Mask Unblocked Games World
6143 N Fresno St
Serenity Of Lathrop - Manteca Photos
Navigating change - the workplace of tomorrow - key takeaways
Lake Dunson Robertson Funeral Home Lagrange Georgia Obituary
THE 10 BEST Yoga Retreats in Konstanz for September 2024
Go Upstate Mugshots Gaffney Sc
Aliciabibs
Crazy Balls 3D Racing . Online Games . BrightestGames.com
Mixer grinder buying guide: Everything you need to know before choosing between a traditional and bullet mixer grinder
Appraisalport Com Dashboard Orders
RECAP: Resilient Football rallies to claim rollercoaster 24-21 victory over Clarion - Shippensburg University Athletics
'Guys, you're just gonna have to deal with it': Ja Rule on women dominating modern rap, the lyrics he's 'ashamed' of, Ashanti, and his long-awaited comeback
888-822-3743
At Home Hourly Pay
Wpne Tv Schedule
Anonib New
French Linen krijtverf van Annie Sloan
Who Is Nina Yankovic? Daughter of Musician Weird Al Yankovic
Deshuesadero El Pulpo
Kenmore Coldspot Model 106 Light Bulb Replacement
Who We Are at Curt Landry Ministries
Die 10 wichtigsten Sehenswürdigkeiten in NYC, die Sie kennen sollten
Latest Posts
Are Goldbacks Worth It? - Hero Bullion
Open banking: shining light on the dark side of Buy Now, Pay Later (BNPL)
Article information

Author: Carlyn Walter

Last Updated:

Views: 6025

Rating: 5 / 5 (70 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Carlyn Walter

Birthday: 1996-01-03

Address: Suite 452 40815 Denyse Extensions, Sengermouth, OR 42374

Phone: +8501809515404

Job: Manufacturing Technician

Hobby: Table tennis, Archery, Vacation, Metal detecting, Yo-yoing, Crocheting, Creative writing

Introduction: My name is Carlyn Walter, I am a lively, glamorous, healthy, clean, powerful, calm, combative person who loves writing and wants to share my knowledge and understanding with you.