This document provides instructions for installing SSL Certificates into IIS 8.0. If unable to use these instructions for your server, Symantec recommends contacting Microsoft.
|This solution contains two Methods to install your SSL Certificate:
Method 1: Installing the certificate received via e-mail.
Method 2 (recommended): Installing the certificate downloaded from the Symantec Trust Center account.
Method 1: Download and Install SSL certificate sent via e-mail
Step 1: Obtain the SSL certificate sent via email:
- The Symantec certificate will be sent via email. The certificate is imbedded in the body of the email.
- Copy the SSL certificate and make sure to copy the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- header and footer
- Ensure there are no white spaces, extra line breaks or additional characters.
- Use a plain text editor such as Notepad, paste the content of the certificate and save it with extension .txt
NOTE: If you selected Microsoft IIS 5.0 or above during enrollment, continue with the installation from here.
If you are not sure which server software was selected during the enrolment, proceed with Step 2
Step 2: Download and Install the Intermediate CAs:
To download and install the Intermediate CAs follow the steps from this link: SO13415
Step 3: Install the SSL certificate:
To proceed with the installation steps for your SSL certificate click here
Method 2: Download and Install SSL certificate in PKCS#7 format
Step 1: Download the SSL certificate from Symantec Trust Center account
- Download the certificate from Symantec Trust Center by following the steps from this link: SO8061
- Make sure you download the certificate in PKCS#7 format and save it with the extension .txt or .p7b
Step 2: Install SSL Certificate
- Go to Start > Administrative Tools > Internet Information Services (IIS) Manager
- From the left menu, click the corresponding server name
- In the Features pane (middle pane), under Security, double-click Server Certificates
- From the Actions pane (right pane), select Complete Certificate Request
- Provide the location of the certificate file and a friendly name
NOTE: The Friendly Name is a reference name for quick identification of the certificate for the Administrator
- Be sure that the Personal store is selected, then click OK
At this point the server may respond with one of two known error messages referenced below. If no error is reported, proceed to Step 3
CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267)
Click SO21366 for the resolution to this message.
Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created.
Click SO21302 for the resolution to this message.
Step 3: Binding SSL certificate to the web site
- From the Connections column on the left, expand the Sites folder
- Select the appropriate web site.
- From the Actions pane on the right, click on Bindings
- In the Site Bindings window, If there is no existing https binding, choose Add and change Type from HTTP to HTTPS.
NOTE: If there is an https binding, select it and click Edit
- From the SSL Certificate drop down, select the friendly name for the SSL certificate that was used during installation.
- Click OK
Step 4: Verify certificate installation
- Verify your installation with the Symantec Installation Checker
- In some rare cases, a restart of IIS or a reboot of the server may be necessary in order for the changes to take affect.
If you do not specify an IP address when installing the SSL Certificate, the same ID will be used for all virtual servers
created on the system.
If hosting multiple sites on a single server, you can specify that the ID only be used for a particular server IP address.