Purpose: SSL/TLS Certificate Installation Guide
For Microsoft IIS8 and IIS10
Need Certificate Signing Request (CSR) help? Please see our technote on how to generate a CSR in IIS 10 here.
The installation is in three parts:
1) Importing CA certificate using Microsoft Management Console (MMC)
2) Installing the certificate on the server
3) Bind Certificate to website
1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a zip file that includes your Server Certificate, the Entrust chain/intermediate certificates(s) and the Entrust Root certificate. Extract the files from the zip file.
2. On the server, go to Start > Run > type MMC and hit enter.
3. Click File > Add Remove Snap-in.
4. Select Certificates and click Add.
5. Select Computer Account, click Next, and click Finish.
6. Click OK to close the window.
7. Expand Certificates on the left hand side of the console window.
8. Expand the Trusted Root Certification Authorities folder and click on the Certificates sub-folder.
9. Right click on the Certificates sub-folder under Trusted Root Certification Authorities and select All Tasks > Import.
10. In the import wizard, browse to the Root.crt file downloaded in step 1 and complete the wizard.
11. In the MMC console, expand the Intermediate Certification Authorities folder. Right click on the Certificates sub-folder and select All Tasks > Import.
12. In the import wizard, browse to the Intermediate.crt file downloaded in step 1 and complete the wizard to complete the certificate chain setup process. You should see your Entrust Intermediate certificates listed in the Intermediate Certification Authorities folder. You are now ready to install your signed server certificate.
1. Launch the Server Manager
- From within the Server Manager at the top right corner Select: Tools | Internet Information Services (IIS) Manager
2. From the left hand side under "Connections" select the workstations name
- Once the name is selected, look to the center of the screen and locate "Server Certificates". Once selected double click.
3. Once in the "Server Certificates" to the upper right hand side under "Actions" select: Complete Certificate Request.
4. You will now need to provide the information listed in the screenshot below:
- File name containing the certification authority's response: Provide the path to the Server certificate downloaded from Entrust.net, the default name of the Server certificate file name is "ServerCertificate.crt"
- PLEASE NOTE: You may need to change the file type view setting at the lower right corner of the browser window to be able to see the ServerCertificate.crt (or other files types besides .crt)
- Friendly Name: The friendly name is not linked to the certificate download from Entrust.net, it is used as an identifier after the certificate is installed. You should provide a unique Friendly Name so that you can easily identify what the certificate is used for.
- Select a certificate store for the new certificate: leave the selection set to Personal
Once you have provided the above information select: OK
The certificate is now installed
1. From the left hand side of the IIS Manager, under Connections
- Expand the Server Name
- Now expand the Sites folder and select the site you wish to bind the certificate to
- From the right hand side under Actions, Select: Bindings...
2. From the Site Bindings menu Select: Add
3. From the Add Site Binding, change the settings listed below:
- Type: HTTPS
- SSL Certificate: Select the friendly name of the certificate you wish to bind to the site, you can verify that you have selected the correct certificate by clicking on View...
- Once you have configured the settings Select: OK
4. Now that the bindings has been updated you need to restart the web site
- From the left column under Connections, select your server name
- Select: Restart under the Actions column. Your IIS server will be reset
|Your SSL/TLS certificate should now be installed.|
Check that your Certificate has been successfully installed by testing it on the Entrust SSL Install Checker.