Ask a Question

Advanced Search

Alert ID : INFO1940

Last Modified : 04/19/2019

Managed PKI for SSL - Installation Instructions for Microsoft IIS 5.0 and 6.0


This document provides instructions for installing Certificates into IIS 5.0 and 6.0 . If you are unable to use these instructions for your server, Symantec recommends that you contact Microsoft.
Symantec now offers the Symantec SSL Assistant to make it easy to generate a CSR and install a certificate for Microsoft IIS 6.0 servers running .NET 2.0 or higher.
This solution contains two Methods to install your SSL Certificate:

Method 1: Installing the certificate received via e-mail.

Method 2 (Recommended): Installing the certificate downloaded from Managed PKI for SSL subscriber service page.

Method 1: Download and Install SSL certificate in X.509 format
Step 1: Obtain the SSL certificate sent via email:

NOTE: The install process is easier to complete with PKCS7 format, continue with the installation from here
  1. Once your Managed PKI for SSL administrator has approved your Certificate request, you will receive the Symantec certificate by email. The certificate is available in a download link, an attachment (Cert.cer), and pasted at the bottom of the email body.
  2. If using the certificate in the body of the email, copy the certificate and make sure to copy the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- header and footer. Ensure there are no white spaces, extra line breaks or additional characters.
  3. Use a plain text editor such as Notepad, paste the content of the certificate and save it with extension .txt
  4. If you are not sure which server software was selected during the enrolment, proceed with Step 2 bellow.
Step 2: Download and Install the Intermediate CAs:
         To download and install the Intermediate CAs follow the steps from this link: SO22016 
Step 3: Install the SSL certificate:
         To proceed with the installation steps for your SSL certificate click here

Method 2: Download and Install SSL certificate in PKCS#7 format

Step 1: Download the SSL certificate from Managed PKI for SSL subscriber services page:
         Download the certificate from Managed PKI for SSL subscriber services page by following the steps from this link: SO6621
         Make sure you download the certificate in PKCS#7 format and save it with the extension .txt or .p7b

Step 2: Install the SSL Certificate 

  1. Open the Internet Services Manager (IIS):
  2. Click Start.
  3. Select All Programs.
  4. Select Administrative Tools.
  5. Choose Internet Information Services (IIS) Manager.
  6. Under Web Sites, right-click your web site and select  Properties.
  7. Click the Directory Security tab.
  8. Under Secure Communications, click Server Certificate.
  9. The Web Site Certificate Wizard will open, click Next.
  10. Choose Process the Pending Request and Install the Certificate, then click Next
    Note: The pending request must match the response file. If you deleted the pending request in error you must generate a new CSR and replace this certificate.
  11. Select the location of the certificate response file, and then click Next.
  12. Read the summary screen to be sure that you are processing the correct certificate and then click Next.
  13. You see a confirmation screen. After you read this information, click Next.
  14. Be sure to assign your site an SSL port (443 by default).

Step 3:  Verify certificate installation

  1. Stop and start your Web server prior to any testing.

    NOTE: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.
  2. To verify the SSL certificate installation, use the DigiCert Installation Checker

Additional Notes:

          If you do not specify an IP address when installing the SSL Certificate, the same ID will be used for all virtual servers
          created on the system.
          If you are hosting multiple sites on a single server, you can specify that the ID only be used for a particular server IP address

Microsoft Support
          For more information, contact Microsoft.