Articles in Root

How do I install an SSL Certificate onto Microsoft IIS 5 or IIS 6

Problem

How do I install an SSL Certificate into IIS5 or IIS6?

 

Solution

This tutorial will be given in 3 parts.  All parts must be completed, but you may find that either Part II and/or Part III may already be completed depending on your security settings and the version of your Windows Server.  If the certificate installation is a renewal of an already existing QuoVadis certificate, you  may not need to do Parts II and III as you should already have the certificates.  The intermediate files must also be installed to ensure that Firefox along with Internet Explorer do not show a certificate error.

Part I - Installing the Certificate

Part I discusses how to install an SSL certificate from a CSR generated in IIS.  This part is mandatory for every SSL installation.
 

  1. Open up IIS. This can be found in the Administrative Tools in Control Panel.

  2. Right-click on the website that has the pending request.  This is also the website that a CSR has been created for.

  3. A new window will appear.  In that new window, click on the Directory Security tab at the top.  In the same window, you will see three sections.  The bottom section named Secure communications has three buttons.

  4. Click on the Server Certificate... button.

  5. A wizard appears.  Click on Next.

  6. On the next screen, select the option, Process the pending request and install the certificate.  Click on Next.
    Note: If you do not see this option, this could mean that the CSR may have been deleted.  If this is the case, then the certificate file is cannot be used.

  7. At the next step of the wizard, you must click on browse and navigate to the .crt that was supplied to you by QuoVadis.
    Note: By default, the IIS Certificate Wizard looks for files with the extension of .cer.  In order for it to accept the .crt file, you will need to drop the File of type: field down to look for All files and the .crt file should appear.  Once you can see it, select it.

  8. Click on Next.

  9. On the next screen, leave the default to port 443.  Click on Next.

  10. You should now see a summary screen.  When you have finished looking at the summary, you should click on Next.

  11. At the final screen, click on Finish.

Part II - Installing the Intermediate (chaining) Certificates

Part II explains how to install the intermediate files that are required.  QuoVadis uses various Intermediate certificates that must also be installed to prevent errors in certain browsers.  You may want to go through these steps and if the intermediate certificates are not installed, then please obtain them and follow through with Part II.  These files should have been included in the email that was sent with the certificate.  If not, they have been included in this knowledge base article.

First you must open the Microsoft Management Console.

  1. Click on Start and then Run.

  2. In the Run window, type MMC in the Open: field and click on the OK button.

  3. The Console1 window will appear.

  4. Click on File at the top and then select Add/Remove Snap-in...  Alternatively, you can press Ctrl + M.

  5. In the Add/Remove Snap-in window, click on the Add... button at the bottom.  This will open a third window named Add Standalone Snap-in.

  6. Scroll down in the Add Standalone Snap-in window and find the Certificates component.  Once found, highlight it and click on the Add button at the bottom.  Alternatively, you can double-click on Certificates.

  7. In a new window, you will be given 3 options for which account you want the certificates snap-in to manage.

  8. Select the Computer account radio button and click on the Next button.

  9. At the next screen, click on the Finish button.

  10. Back in the Add Standalone Snap-in window, click on the Close button.

  11. Click on the OK button in the Add/Remove Snap-in window.

  12. You should be back in the Console1 window.  You will see that the Certificates (Local Computer) has been added on the left hand pane.

  13. Click on the "+" sign next to Certificates (Local Computer) to expand it.

  14. Locate and expand the Intermediate Certification Authorities store and then click on the Certificates folder underneath it.

  15. In the right hand pane, you should see a list of certificates.  Verify that you have the correct Intermediate CA certificate (Chain) in this list of certificate in the right hand pane. The correct certificate is shown and available for download within the certificate download page within Trust/Link.  If this certificate is in the Intermediate Certification Authorities store, then you can skip to Part III.  If you do not, then the next steps will guide you through the process of installing this file.

  16. Place the certificate in a directory where it can be accessed by the server.

  17. Right-click on the Certificates folder underneath the Intermediate Certification Authorities folder and in the drop-down menu, select All Tasks and then click on Import.

  18. The Certificate Import Wizard will appear.  At the welcome screen, click on the Next button.

  19. You must specify the file to import.  Click on the Browse... button and find and select the QuoVadis Intermediate CA certificate file.  Once selected, it should appear in the File name: field.  Click on the Next button.

  20. On the next screen, the option for Place all certificates in the following store should be selected by default and in the Certificate store: field should be Intermediate Certification Authorities.  Click on the Next button.

  21. At the summary screen, click on the Finish button.

  22. You should get a message that reads, "The import was successful."

Part III - Installing the Root Certificates

Generally, your Windows Server should have the QuoVadis Root certificates installed, however there have been cases where they have not been.  When you install the SSL certificate, it the root certificate is not present, the system will prompt you to trust it, which will also install it.  For Part III, you will be installing the QuoVadis Root Certification Authority and the QuoVadis Root CA 2, which expires 2031.  Part III assumes that you currently have the Microsoft Management Console open.  If you do not, you can find the instructions in Part II of this guide, steps 1-9.
 

  1. Click on the "+" sign next to Certificates (Local Computer) to expand it (if it isn't already expanded).

  2. Locate and expand the Trusted Root Certification Authorities store and the click on the Certificates folder underneath it.

  3. In In the right hand pane, you should see a list of certificates.  Click on any certificate that you see and press the letter "Q" on your keyboard to fast-track to the QuoVadis root certificates.  Verify that you have the correct QuoVadis Root Certificate(s) installed in the list of certificates in the right hand pane. You can view and/or download the correct QuoVadis Root certificate that is required within the certificate download page within the Trust/Link downloads page of your certificate.. If the certificate is present, then your website should not show any trust errors then you are finished.  If you do not see this certificate in the Trusted Root Certification Authorities store, then the next steps will guide you through the process of installing this file.

  4. Place the certificate in a directory where it can be accessed by the server.

  5. Right-click on the Certificates folder underneath the Trusted Root Certification Authorities folder and in the drop-down menu, select All Tasks and then click on Import.

  6. The Certificate Import Wizard will appear.  At the welcome screen, click on the Next button.

  7. You must specify the file to import.  Click on the Browse... button and find and select the correct QuoVadis Root certificate file.  Once selected, it should appear in the File name: field.  Click on the Next button.

  8. On the next screen, the option for Place all certificates in the following store should be selected by default and in the Certificate store: field should be Trusted Root Certification Authorities.  Click on the Next button.

  9. At the summary screen, click on the Finish button.

You should get a message that reads, "The import was successful."

The website should be properly configured.

OCSP Stapling Support

OCSP Stapling is not supported on IIS 5 and IIS 6 by default.

You can read up more on OCSP Stapling at https://support.quovadisglobal.com/KB/a415/what-is-ocsp-stapling.aspx.