Ask a Question

Solution ID : SO14954

Last Modified : 06/04/2018

How to install an Extended Validation Certificate in Microsoft IIS 7.0

Problem

Install an Extended Validation certificate in Microsoft IIS 7.0
How do I install an Extended Validation certificate in IIS 7.0
How to I install an EV certificate on IIS 7.0

Solution

Thawte now offers the Symantec SSL Assistant to make it easy to generate a CSR and install a certificate for Microsoft IIS 7.0 servers running .NET 2.0 or higher. As an independent subsidiary of Symantec, Thawte offers Symantec SSL Assistant as a benefit of our corporate relationship.
 

Watch Thawte's Tutorial Videos for a more visual experience!

Note:  If you are unable to view the video, please click here to go directly to the video source.

 
To install an Extended Validation certificate on Microsoft IIS 7.0, follow the instructions below:

Thawte Reseller customers
Download your certificate in PKCS#7 format

Step 1: Download your Thawte certificate 
  1. You will receive an email when your certificate is issued
  2. Download your certificate
  3. Select the PKCS#7 format option and click Pick Up certificate
  4. Copy and Paste your Thawte certificate to Notepad and save as a certificate.p7b
 
Note: IF the PKCS7 format is not used,  the Intermediate CA certificates MUST be installed separately using these steps
 

Step 2 : Install SSL certificate

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. From the left menu, click the corresponding server name
  3. In the Features pane (middle pane), under Security, double-click Server Certificates


     
  4. From the Actions pane (right pane), select Complete Certificate Request


     
  5. Provide the location of the certificate file and the friendly name
    Note: Friendly name is a reference name for quick identification of the certificate for the Administrator
  6. If you receive this error "CertEnroll::CX509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b" or similar, complete these steps


Step 3 : Add an HTTPS binding to a Web site
For IIS7, you need to bind the HTTPS protocol to a Web site then assigning the install certificate

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your server name > Sites > Your SSL-based site
  3. In the Actions pane, click Bindings.


     
  4. In the Site Bindings window, If there is no existing https binding, choose Add
    Note: if there is already a https binding, select it and click Edit


     
  5. From the Add Site Bindings window, provide the binding type


     
  6. Select the SSL certificate that will be used for this site
  7. Click OK


Step 4: Verify certificate installation

  1. Stop and start your Web server prior to any testing
    Note: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.
  2. Verify the SSL certificate installation