Ask a Question

Advanced Search

Solution ID : SO19922

Last Modified : 05/08/2019

How to install a Thawte Wildcard Certificate in Microsoft IIS 7.X


Thawte now offers the DigiCert Utility Tool to make it easy to generate a CSR and install a certificate on Windows machines.

To install a Thawte Wildcard certificate on Microsoft IIS 7.0, follow the instructions below:

Thawte Reseller customers
Download your certificate in PKCS#7 format

Step 1 : Download your Thawte certificate

  1. You will receive an email when your certificate is issued.
  2. Download your certificate
  3. Select the PKCS#7 format option and click Pick Up certificate.
  4. Copy and Paste your Thawte certificate to Notepad and save as a certificate.p7b

Step 2 : Install SSL certificate

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. From the left menu, click the corresponding server name
  3. In the Features pane (middle pane), under Security, double-click Server Certificates
  4. From the Actions pane (right pane), select Complete Certificate Request
  5. Provide the location of the certificate file and the friendly name
    Note:  With a Wildcard certificate, you want to make sure to give it a wildcard friendly name. Example: * IIS 7.X will not let you set an SSL host header unless the friendly name starts with * when you start binding your certificate to your sites. You can see in this example how the binding will look later if you do not give the certificate a wildcard friendly name:

    Without wildcard friendly name:

    With wildcard friendly name:

    At this point the server may respond with one of the two known errors:

    CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267)
    Follow these steps for the resolution for this message.


    Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created.
    Follow these steps for the resolution for this message.

Step 3:  Add an HTTPS binding to a Website
For IIS 7, you need to bind the HTTPS protocol to a Web site then assigning the install certificate

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your server name > Sites > Your SSL-based site
  3. From the Actions pane, choose Bindings
  4. In the Site Bindings window, If there is no existing https binding, choose Add
    Note: if there is already a https binding, select it and click Edit
  5. From the Add Site Bindings window, provide the binding type
  6. From the SSL Certificate drop down, Select the Friendly Name for the SSL certificate that will be used for this site.
    Note: If you don't set a host name, when you try to configure the certificate on another site, it causes an error and the second site won't start.
  7. Click OK

Step 4: Verify certificate installation

  1. Stop and start your Web server prior to any testing
    Note: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.
  2. Verify the SSL certificate installation