How to

Microsoft IIS 5/6 - SSL/TLS Certificate Installation Instructions

SSL/TLS Certificate Installation Instructions for Microsoft IIS 5/6.

How do I install a SSL/TLS certificate on Microsoft IIS 5/6?

Before you begin

  • Never share private key files. 
  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.

Installing your SSL/TLS Certificate on Microsoft IIS 5/6

1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a zip file that includes your Server Certificate, the chain/intermediate certificates(s) and the Root certificate. Extract the files from the zip file.

2. On the server, go to Start > Run > type MMC and hit enter.

3. Click File > Add Remove Snap-in. 

4. Select Certificates and click Add.

5. Select Local Computer and click Finish.

6. Click Close. 

7. Expand Certificates on the left hand side of the console window.

8. Expand the Trusted Root Certification Authorities folder and click on the Certificates sub-folder.

9. Important: Check the list of Trusted Root Certificates to see if there is a root labeled Root Certification Authority - G2.  If this root is present, delete the root from the list. You will install another root certificate and chain your certificate to that root to provide backwards compatibility with older devices that do not include the newer SHA-2 root certificate.

10. Right click on the Certificates sub-folder under Trusted Root Certification Authorities and select All Tasks > Import.

11. In the import wizard, browse to the Root.crt file downloaded in step 1 and complete the wizard.

12. In the MMC console, expand the Intermediate Certification Authorities folder. Right click on the Certificates sub-folder and select All Tasks > Import.

13. In the import wizard, browse to the Intermediate1.crt file downloaded in step 1 and complete the wizard.

14. Right click on the Certificates sub-folder under Intermediate Certification Authorities and select All Tasks > Import.

15. In the import wizard, browse to the Intermediate2.crt file downloaded in step 1 and complete the wizard to complete the certificate chain setup process. You should see your Entrust Intermediate certificates listed in the Intermediate Certification Authorities folder. You are now ready to install your signed server certificate.
16. Launch the Internet Services Manager (IIS Manager) by clicking Start > All Programs > Administrative Tools > Internet Information Services.

17. Right-click your Web site from the left preview pane and select Properties.

18. Select the Directory Security tab and click on the Server Certificate button.


19. Click Next in in the IIS certificate wizard.

20. Select Process the pending request and install the certificate and click Next.


21. Browse to the location of the ServerCertificate.crt file that you download in step 1 and click Next.

22. Specify your SSL port (in the majority of cases, the default SSL port 443 is used) and click Next.

23. Review the wizard summary and click Next to complete the server certificate import process.

24. Click Finish.