
Solution ID : SO10517

Installation Instruction for Microsoft IIS 7.0 and 7.5

Solution

This document was created to assist with the installation of an SSL certificate on Microsoft IIS 7.0 or 7.5. If this document cannot be used within the environment, RapidSSL recommends contacting an organization that supports IIS 7.

RapidSSL now offers the GeoTrust SSL Assistant to make it easy to generate a CSR and install a certificate for Microsoft IIS 7.0 servers running .NET 2.0 or higher. As an independent subsidiary of Symantec, RapidSSL offers GeoTrust SSL Assistant as a benefit of our corporate relationship.
 
 

 

 

Select the correct installation instructions based on the certificate criteria below:

RapidSSL Security Center
Certificates enrolled on or after November 10, 2017

Partner issued certificates
Certificates enrolled on or after November 10, 2017

 

RapidSSL Security Center - Certificates enrolled on or after November 10, 2017

This document provides two options for installing an SSL certificate on Microsoft IIS 7.0 or 7.5.

  • SSL Assistant certificate installation
  • Manual SSL certificate installation
 
  1. Download your certificate from the unique secure link we provide your technical contact via order fulfillment email.
  2. The ZIP file you download contains the SSL and Intermediate CA certificates in a PKCS#7 file (i.e. ssl_certificate.p7b).
  3. Unzip the download file onto the server where you will install the certificate.
  4. Follow instructions in the getting_started.txt file.
     

Install Your SSL Certificate Manually

  1. Download your certificate from the unique secure link we provide your technical contact via email.
  2. The ZIP file you download contains the SSL and Intermediate CA certificates in a PKCS#7 file (i.e. ssl_certificate.p7b).
  3. Unzip the files onto the server where you will install the certificate.
  4. In Windows, click Start > Administrative Tools > Internet Information Services (IIS) Manager
  5. From the left menu, click the corresponding server name
  6. In the Features pane (middle pane), under Security, double-click Server Certificates
  7. From the Actions pane (right pane), select Complete Certificate Request
  8. Provide the location of the certificate file and the friendly name
    Note: Friendly name is a reference name for quick identification of the certificate for the Administrator.

    With a Wildcard certificate, you want to make sure to give it a wildcard friendly name. Example: *.symantec.com.

    IIS 7.X  will not let you set an SSL host header unless the friendly name starts with * when you bind your certificate to your sites.

    You can see in this example how the binding will look later if you do not give the certificate a wildcard friendly name:

    At this point the server may respond with one of the two known errors:

    CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267) 

    Click here for the resolution to this message.

    or

    Cannot find the certificate request associated with this certificate file.  A certificate request must be completed on the computer where it was created.

    Click here for the resolution to this message.


    If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Microsoft server.

 

Verify certificate installation:

  1. To verify the SSL certificate installation, use the RapidSSL Installation Checker
  2. In some cases a Stop and Start of the site may be required prior to any testing. 

    Note: In some cases the changes may not take effect after restarting IIS Services and a reboot is needed.

 

Partner issued certificates - Certificates enrolled on or after November 10, 2017

Step 1: Download SSL certificate from User Portal

To download a RapidSSL Certificate from the User Portal, perform the steps below:

  1. Visit the RapidSSL User Portal
  2. Provide the Common Name or Order Number, Technical Contact Email Address associated with the certificate order and the Image Number generated from the GeoTrust User Authentication page. 

    Note: If access is requested using the Common Name, there will be a list of order numbers for that domain. Please select the most recent order. Any previous orders that are listed cannot be used to download the certificate. If access is requested with an Order Number, an email will be sent to access that order.
     
  3. Select Request Access against the correct order ID.
  4. An email will be sent to the Technical Contact email address specified.
  5. Click on the link listed in the email to enter the User Portal
  6. Click View Certificate Information.
  7. Select the PKCS#7 format from the drop down menu.


Step 2: Install SSL certificate

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager.
  2. From the left menu, click the corresponding server name.
  3. In the Features pane (middle pane), under Security, double-click Server Certificates.
  4. From the Actions pane (right pane), select Complete Certificate Request.
  5. Provide the location of the certificate file and the friendly name. The Friendly Name will be displayed in the menu to bind the certificate to the site (at a later step in this guide).

    Note: With a Wildcard certificate, the certificate will need a wildcard friendly name. Example: *.bbtest.net.
    IIS 7.X  will not enable host headers unless the friendly name starts with * when the certificate is bound to the site (at a later step in this guide).

    This example shows how the binding will look later if you do not give the certificate a wildcard friendly name.

    Friendly name without wildcard:


    Friendly name with wildcard:


    At this point the server may respond with one of the two known errors:

    CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267) 

    Click here for the resolution to this message.

    or

    Cannot find the certificate request associated with this certificate file.  A certificate request must be completed on the computer where it was created.

    Click here for the resolution to this message.


Step 3: Binding certificate to the web site:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager.
  2. On the Connections pane, select [Server Name] > Sites > [Site to bind the certificate to]
  3. In the Actions pane, click Bindings.


     
  4. In the Site Bindings window, if there is no existing https binding, choose Add and change Type from HTTP to HTTPS

    Note: If there is already an https binding, select it and click Edit



     
  5. From the SSL Certificate drop down, select the Friendly Name for the SSL certificate that will be used for this site
  6. Click OK
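
The Complete Certificate Request and binding steps (from both the manual installation section and Steps 2 and 3 above) can also be scripted. The following PowerShell is an added example, not RapidSSL's own tooling; it assumes an elevated session on the server, the WebAdministration module (shipped with IIS 7.5), and placeholder values for the file path and site name.

```powershell
# Added example (not RapidSSL code). Run in an elevated PowerShell session on the IIS server.
$P7bPath  = 'C:\certs\ssl_certificate.p7b'   # placeholder path to the unzipped PKCS#7 file
$SiteName = 'Default Web Site'               # placeholder site name
$SslKey   = 'IIS:\SslBindings\0.0.0.0!443'   # 0.0.0.0 = all IPs; use one IP to scope it to a single site

# 1. Pick the end-entity certificate out of the PKCS#7 bundle (the entry that is not a CA).
$bundle = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$bundle.Import($P7bPath)
$leaf = $bundle | Where-Object {
    $bc = $_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    -not ($bc -and $bc.CertificateAuthority)
} | Select-Object -First 1
if (-not $leaf) { throw "No end-entity certificate found in $P7bPath" }

# 2. The pending request and its private key must be on this machine. If they are not,
#    IIS answers "Cannot find the certificate request associated with this certificate file".
$leafKey = $leaf.GetPublicKeyString()
$pending = Get-ChildItem Cert:\LocalMachine\REQUEST |
    Where-Object { $_.GetPublicKeyString() -eq $leafKey }
if (-not $pending) { throw 'No pending request with a matching public key on this server.' }

# 3. Complete the request (installs into the machine's Personal store) and confirm the key.
& certreq.exe -accept $P7bPath
if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed with exit code $LASTEXITCODE" }
$cert = Get-Item ('Cert:\LocalMachine\My\' + $leaf.Thumbprint)
if (-not $cert.HasPrivateKey) { throw 'Installed certificate has no private key.' }

# 4. Friendly name = the subject's simple name (normally the common name), so a wildcard
#    certificate gets a friendly name that starts with "*".
$cert.FriendlyName = $cert.GetNameInfo('SimpleName', $false)

# 5. Add the https binding if the site has none, then attach the certificate to it.
Import-Module WebAdministration
if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port 443)) {
    New-WebBinding -Name $SiteName -Protocol https -Port 443 -IPAddress '*'
}
if (Test-Path $SslKey) { Remove-Item $SslKey }   # same effect as Edit on an existing binding
$cert | New-Item $SslKey | Out-Null

"Bound {0} ({1}), expires {2:u}" -f $cert.FriendlyName, $cert.Thumbprint, $cert.NotAfter
```

The check in step 2 fails before anything is installed when the CSR was generated on a different server, which is the usual cause of the second error message quoted above.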


Step 4:  Verify certificate installation:

  1. To verify the SSL certificate installation, use the RapidSSL Installation Checker
  2. In some cases a Stop and Start of the site may be required prior to any testing. 

    Note: In some cases the changes may not take effect after restarting IIS Services and a reboot is needed.



Additional Notes:

           If an IP address is not specified when installing your SSL/TLS certificate, the same ID will be used for all virtual servers created on the system.
 
           If you are hosting multiple sites on a single server, you can specify that the ID only be used for a particular server IP address.

Microsoft Support
 
           For more information, contact Microsoft.