Solution ID : SO22020

Last Modified : 05/31/2019

Managed PKI for SSL - Installation Instructions for Microsoft IIS 8.0


This document provides instructions for installing certificates into Microsoft IIS 8.0. If you are unable to use these instructions for a Microsoft server, DigiCert recommends contacting Microsoft.

This solution contains two methods to install a certificate:

Method 1: Installing the certificate received via e-mail.

Method 2: Installing the certificate downloaded from the Managed PKI for SSL subscriber services page.

Method 1: Download and install the certificate sent via e-mail
Step 1: Obtain the SSL certificate sent via email:
  1. Once the Managed PKI for SSL administrator has approved the certificate request, you will receive an email
    with the certificate attached (cert.cer) and also included in the body of the email.
  2. Copy the certificate, including the -----BEGIN CERTIFICATE----- header and the -----END CERTIFICATE-----
    footer. Ensure there are no white spaces, extra line breaks or additional characters.
  3. Use a plain text editor such as Notepad to paste the content of the certificate and save it with the extension .txt.

    Note: If Microsoft IIS 5.0 or above was selected during enrollment, continue with the installation from here.

  4. If you are not sure which server software was selected during the enrollment, proceed with Step 2 below.
Step 2: Download and install the Intermediate CAs:
  1. To download and install the Intermediate CAs, follow the steps from this link.
Step 3: Install the certificate:
  1. Click here to proceed with installation steps.

Method 2: Download and install the certificate in PKCS#7 format

Step 1: Download the certificate from the Managed PKI for SSL subscriber services page:

  1. Download the certificate from the Managed PKI for SSL subscriber services page by following the steps from this link.
  2. Make sure to download the certificate in PKCS#7 format and save it with the extension .txt or .p7b.

Step 2: Install the certificate:

  1. Go to Start > Administrative Tools > Internet Information Services (IIS) Manager.
  2. From the left menu, click the corresponding server name.
  3. In the Features pane (middle pane), under Security, double-click Server Certificates.
  4. From the Actions pane (right pane), select Complete Certificate Request.
  5. Provide the location of the certificate file and a friendly name.

    Note: The Friendly Name is a reference name for quick identification of the certificate for the Administrator.
  6. Be sure that the Personal store is selected, then click OK.

    At this point the server may respond with one of the two known error messages below. If no error is reported, proceed to Step 3.

    CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267)
    Click here for the resolution to this message.

    Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created.
    Click here for the resolution to this message.

Step 3: Binding the certificate to the web site:

  1. From the Connections column on the left, expand the Sites folder.
  2. Select the appropriate web site.
  3. From the Actions pane on the right, click on Bindings.

  4. In the Site Bindings window, if there is no existing https binding, choose Add and change Type from HTTP to HTTPS.

    Note: If there is an existing https binding, select it and click Edit.

  5. From the SSL Certificate drop-down, select the friendly name for the certificate that was added during installation.
  6. Click OK.

Step 4: Verify certificate installation:

  1. Verify the certificate installation with the DigiCert Installation Checker.
  2. In some rare cases, a restart of IIS or a reboot of the server may be necessary in order for the changes to take effect.
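
A local check that can be run on the server alongside Step 4, added here as an example and not part of DigiCert's instructions: it confirms that the certificate installed in Step 2 is in the Personal store with its private key and that the https binding from Step 3 references it. The function name, the friendly name and the site name are placeholders; the script assumes the WebAdministration module that ships with IIS.

```powershell
# Added example, not the vendor's tooling.
# Assumption: run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

function Test-IisCertificateInstall {
    param(
        [Parameter(Mandatory)] [string] $FriendlyName,  # name entered in Complete Certificate Request
        [Parameter(Mandatory)] [string] $SiteName       # site selected in Step 3
    )

    # Step 2 places the certificate in the computer's Personal store (LocalMachine\My).
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -eq $FriendlyName } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        throw "No certificate with friendly name '$FriendlyName' in LocalMachine\My"
    }

    # Build the chain without revocation checking. A PartialChain status means
    # an issuing (Intermediate) CA certificate could not be found.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    # Step 3: https bindings of the site that point at this certificate's thumbprint.
    $bound = @(Get-WebBinding -Name $SiteName -Protocol https |
        Where-Object { $_.certificateHash -eq $cert.Thumbprint })

    $now = Get-Date
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey   # IIS needs the private key on this machine
        InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        ChainBuilds   = $chainOk
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        BoundTo       = ($bound | ForEach-Object { $_.bindingInformation }) -join '; '
        StoreName     = ($bound | ForEach-Object { $_.certificateStoreName }) -join '; '
    }
}

# Placeholder values; replace with the friendly name and site used above.
Test-IisCertificateInstall -FriendlyName 'example-friendly-name' -SiteName 'Default Web Site'
```

An empty BoundTo means no https binding of that site uses the certificate; HasPrivateKey should be True and ChainBuilds should be True before relying on the external check.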

Additional Notes:

  If an IP address is not specified when installing the certificate, the same ID will be used for all virtual servers created on the system.
  If hosting multiple sites on a single server, you can specify that the ID only be used for a particular server IP address.
Microsoft Support
         For more information, contact Microsoft.