Install and Configure Your SSL Certificate in IIS 8 or IIS 8.5 on Windows Server 2012

  Print

Install and Configure Your SSL Certificate in IIS 8 or IIS 8.5 on Windows Server 2012

(Single Certificate) How to install your SSL certificate and configure the server to use it

Install Your SSL Certificate

On the server where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that you received.
From the Start screen, find Internet Information Services (IIS) Manager and open it.
In the Connections pane, locate and click the server.
In the server Home page (center pane) under the IIS section, double-click Server Certificates.

IIS 8 Security Certificates
In the Actions menu (right pane), click Complete Certificate Request.

IIS 8 Create Certificate Request
In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information:

File name containing the certificate authority's response:Click the button to locate the .cer file you received from certificate authority.
(e.g., your_domain_com.cer).
Friendly name:Type a friendly name for the certificate. This is not part of the certificate; instead, it is used to identify the certificate.

Note: We recommend that you add the issuing CA and the expiration date to the end of your friendly name; for example, yoursite-authority-(expiration date). Doing this helps identify the issuer and expiration date for each certificate and also helps distinguish multiple certificates with the same domain name.
Select a certificate store for the new certificate:In the drop-down list, select Personal.
IIS 8 Complete Certificate Request
Click OK to install the certificate.
Now that you've successfully installed your SSL certificate, you need to configure your site to use it.
Assign Your SSL Certificate

In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed. Then expand Sites and click the site you want to secure using the SSL certificate.
In the Actions menu (right pane), click Bindings.

IIS 8 Web Site Home Page Bindings
In the Site Bindings window, click Add.

IIS 8 Site Bindings Window (Unconfigured)
In the Add Site Binding window, do the following and then click OK.

Type:In the drop-down list, select https.
IP address:In the drop-down list, select the IP address of the site or select All Unassigned.
Port:Type 443. (SSL uses port 443 to secure traffic.)
SSL certificate:In the drop-down list, select your new SSL certificate (e.g., yourdomain.com).
IIS 8 Add Site Binding Dialog
Your SSL certificate is now installed, and the website is configured to accept secure connections.

IIS Site Bindings Window (Configured)

(Multiple Certificates) How to install your SSL certificates and configure the server to use them using SNI

Install First SSL Certificate

Do this first set of instructions only once (for the first SSL certificate).

  1. On the server where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that you received from the CA.
  2. From the Start screen, find Internet Information Services (IIS) Manager and open it.
  3. In the Connections pane, locate and click the server.
  4. In the server Home page (center pane) under the IIS section, double-click Server Certificates.

    IIS 8 Security Certificates
  5. In the Actions menu (right pane), click Complete Certificate Request.

    IIS 8 Create Certificate Request
  6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information:

    File name containing the certificate authority's response:Click the button to locate the .cer file you received from the CA
    (e.g., your_domain_com.cer).
    Friendly name:Type a friendly name for the certificate. This is not part of the certificate; instead, it is used to identify the certificate.

    Note: We recommend that you add the issuing CA and the expiration date to the end of your friendly name; for example, yoursite-authority-(expiration date). Doing this helps identify the issuer and expiration date for each certificate and also helps distinguish multiple certificates with the same domain name.
    Select a certificate store for the new certificate:In the drop-down list, select Web Hosting.
    IIS 8 Complete Certificate Request
  7. Click OK to install the certificate.

    Note: There is a known issue in IIS 8 where clicking OK throws a Failed to remove the certificate error. If this is the same server that you generated the CSR on, the error can usually be ignored. Simply click OK and press F5 to refresh the list of server certificates. If the new certificate appears in the list, then it was installed successfully; however, you may want to make sure the certificate is also in the Web Hosting certificate store.

    If the certificate does not appear on the list after refreshing, you will need to reissue your certificate using a new CSR (see Create Your CSR in IIS 8 or IIS 8.5 on Windows Server 2012). After creating a new CSR, you will need to re-key your certificate.
  8. Now that you've successfully installed your SSL certificate, you need to configure your site to use it.
  9. In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed. Then expand Sites and click the site you want to secure using the SSL certificate.
  10. In the Actions menu (right pane), click Bindings.

    IIS 8 Web Site Home Page Bindings
  11. In the Site Bindings window, click Add.

    IIS 8 Site Bindings Window (Unconfigured)
  12. In the Add Site Binding window, do the following and then click OK.

    Type:In the drop-down list, select https.
    IP address:In the drop-down list, select the IP address of the site or select All Unassigned.
    Port:Type 443. (SSL uses port 443 to secure traffic.)
    SSL certificate:In the drop-down list, select the SSL certificate you installed in Step 7 (e.g., yourdomain.com).
    IIS 8 Add Site Binding Dialog
  13. Your first SSL certificate is now installed, and the website is configured to accept secure connections.

    IIS 8 Site Bindings Window (Configured)

Install Additional SSL Certificates

To install and assign each additional SSL certificate, repeat the steps below (as needed).

  1. On the server where you created the CSR, save the SSL certificate .cer file (e.g., your_domain_com.cer) that you received from CA.
  2. From the Start screen, find Internet Information Services (IIS) Manager and open it.
  3. In the Connections pane, locate and click the server.
  4. In the server Home page (center pane) under the IIS section, double-click Server Certificates.

    IIS 8 Security Certificates
  5. In the Actions menu (right pane), click Complete Certificate Request.

    IIS 8 Create Certificate Request
  6. In the Complete Certificate Request wizard, on the Specify Certificate Authority Response page, provide the following information:

    File name containing the certificate authority's response:Click the button to locate the .cer file you received from the CA
    (e.g., your_domain_com.cer).
    Friendly name:Type a friendly name for the certificate. This is not part of the certificate; instead, it is used to identify the certificate.

    Note: We recommend that you add the issuing CA and the expiration date to the end of your friendly name; for example, yoursite-authority-(expiration date). Doing this helps identify the issuer and expiration date for each certificate and also helps distinguish multiple certificates with the same domain name.
    Select a certificate store for the new certificate:In the drop-down list, select Web Hosting.
    IIS 8 Complete Certificate Request
  7. Click OK to install the certificate.
  8. Now that you've successfully installed your SSL certificate, you need to configure your site to use it.
  9. In Internet Information Services (IIS) Manager, in the Connections pane, expand the name of the server on which the certificate was installed. Then expand Sites and click the site you want to secure using the SSL certificate.
  10. In the Actions menu (right pane), click Bindings.

    IIS 8 Web Site Home Page Bindings
  11. In the Site Bindings window, click Add.

    IIS 8 Site Bindings Window (Unconfigured)
  12. In the Add Site Binding window, do the following and then click OK.

    Type:In the drop-down list, select https.
    IP address:In the drop-down list, select the IP address of the site or select All Unassigned.
    Port:Type 443. (SSL uses port 443 to secure traffic.)
    Host name:Type the host name that you want to secure.
    Require server name indication:Select this checkbox after you enter the host name.

    Note: This option is required for any additional certificates/sites after installing the first certificate on the primary site.
    SSL certificate:In the drop-down list, select the SSL certificate you installed in Step 7 (e.g., yourdomain.com).
  13. You have successfully installed another SSL certificate and configured the website to accept secure connections.


Related Articles