Ask a Question

How to install a Thawte Wildcard Certificate in Microsoft IIS 7.X

Solution

Thawte now offers the Symantec SSL Assistant to make it easy to generate a CSR and install a certificate for Microsoft IIS 7.X servers running .NET 2.0 or higher. As an independent subsidiary of Symantec, Thawte offers Symantec SSL Assistant as a benefit of our corporate relationship.

To install a Thawte Wildcard certificate on Microsoft IIS 7.0, follow the instructions below:

Thawte Reseller customers
Download your certificate in PKCS#7 format
 

Step 1 : Download your Thawte certificate

  1. You will receive an email when your certificate is issued.
  2. Download your certificate
  3. Select the PKCS#7 format option and click Pick Up certificate.
  4. Copy and Paste your Thawte certificate to Notepad and save as a certificate.p7b
     

Step 2 : Install SSL certificate

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. From the left menu, click the corresponding server name
  3. In the Features pane (middle pane), under Security, double-click Server Certificates
  4. From the Actions pane (right pane), select Complete Certificate Request
  5. Provide the location of the certificate file and the friendly name
    Note:  With a Wildcard certificate, you want to make sure to give it a wildcard friendly name. Example: *.domain.com. IIS 7.X will not let you set an SSL host header unless the friendly name starts with * when you start binding your certificate to your sites. You can see in this example how the binding will look later if you do not give the certificate a wildcard friendly name:

    Without wildcard friendly name:



    With wildcard friendly name:



    At this point the server may respond with one of the two known errors:

    CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267)
    Follow these steps for the resolution for this message.

    or


    Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created.
    Follow these steps for the resolution for this message.
     

Step 3:  Add an HTTPS binding to a Website
For IIS 7, you need to bind the HTTPS protocol to a Web site then assigning the install certificate

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your server name > Sites > Your SSL-based site
  3. From the Actions pane, choose Bindings
  4. In the Site Bindings window, If there is no existing https binding, choose Add
    Note: if there is already a https binding, select it and click Edit
  5. From the Add Site Bindings window, provide the binding type
  6. From the SSL Certificate drop down, Select the Friendly Name for the SSL certificate that will be used for this site.
    Note: If you don't set a host name, when you try to configure the certificate on another site, it causes an error and the second site won't start.
  7. Click OK


Step 4: Verify certificate installation

  1. Stop and start your Web server prior to any testing
    Note: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.
  2. Verify the SSL certificate installation