To verify that the SSL certificate is successfully installed, try to bind the certificate to the web site.
To bind the certificate to the appropriate web site, perform the following steps:
- Click Start > Administrative Tools > Internet Information Services (IIS) Manager
- Browse to your Server Name > Sites > Your SSL-based site
- From the Actions pane, choose Bindings
- In the Site Bindings window, choose Add
- From the Add Site Bindings window, provide the binding type as HTTPS
- Select the SSL certificate that will be used for this site
- Click OK
- Test the if the site is secure by using HTTPS
If in step 6 above, you cannot find the new certificate in the list, try restoring the private key:
Import certificate in to the Computer certificate store
- Create a Certificate snap-in in a MMC console, per KB solution SO1849
- In the left-hand pane, expand the Certificates folder, expand and select the Personal folder
- Right-click the Certificates folder inside the Personal folder, select All Tasks, select Import
- The Certificate Import Wizard opens. Click Next
- Click Browse and then navigate to the file that contains the SSL certificate. Click Open > Next
- Ensure "Place all certificates in the following store" is selected, ensure that "Personal" is listed for the certificate store
- Click Next > Finish
Restore Private Key
- With the MMC console still open, select the Certificates folder inside the Personal folder in the left-hand pane.
- Double-click the newly imported SSL certificate in the right-hand pane, then select the Details tab.
- Scroll down and select the Thumbprint
- The thumbprint should appear in the box below
- Click inside the box so that the curser appears. Hit Ctrl + A on the keyboard then hit Ctrl + C
- Open a Notepad and paste in the Thumbprint
- Add double quotes (“) at the beginning and end of the thumbprint.
Open a command prompt (Go to Search > type cmd in search box), then enter the following command:
certutil -repairstore my "<thumbprint>"
certutil -repairstore my "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f"
If successful, the response will be "CertUtil: -repairstore command completed successfully"
Assign SSL certificate in IIS
- Open the IIS Manager application.
- From the Connections pane on the left, expand the local server, expand the Sites folder and select the web site to be secured with SSL.
- From the Actions pane on the right, select the Bindings option (under Edit Site).
- In the Site Bindings window, select an existing https binding and click Edit. If there are no existing https bindings, click Add.
- Select the new SSL certificate from the drop down menu.
- Click the View button to confirm details of the certificate, if necessary.
- Click OK, click Close
If the above steps do not resolve the issue, an alternative method of installation using the .x509 version of the certificate can be attempted.
- Acquire the SSL certificate in X.509 (PKCS#10) format and install
- Obtain the Intermediate CA and install this via Microsoft Management Console
Thawte SSL certificates for Microsoft servers are delivered in PKCS#7 format. This means the certificate file includes the corresponding Intermediate CA(s). To acquire the certificate in X.509 (PKCS#10) format, perform the following steps:
- Download the certificate via Thawte Certificate Center (TCC) and select the x.509 format. Please see solution SO13187
- Install the the X.509 (PKCS#10) certificate file
- Download and install the proper Intermediate CA for your certificate type, please see solution SO21539