Ask a Question

Solution ID : SO25646

Last Modified : 05/18/2018

Installation Instruction for Microsoft IIS 7.0 and 7.5

Solution

This document provides two options installing SSL certificate for Microsoft IIS 7.0 or 7.5.

  • Symantec SSL Assistant certificate installation
  • Manual SSL certificate installation
 
Option 1:  Symantec SSL Assistant Certificate Installation
  1. Download your certificate from the unique secure link we provide your technical contact via order fulfillment email.
  2. The ZIP file you download contain the SSL and Intermediate CA certificate in PKCS#7 file (i.e. ssl_certificate.p7b).
  3. Unzip the download file onto the server where you will install the certificate.
  4. Follow instructions in the getting_started.txt file.
     

Option 2: Install Your SSL Certificate Manually

  1. Download your certificate from the unique secure link we provide your technical contact via email.
  2. The ZIP file you download contain the SSL and Intermediate CA certificate in PKCS#7 file (i.e. ssl_certificate.p7b).
  3. Unzip the files onto the server where you will install the certificate.
  4. In Windows, click Start > Administrative Tools > Internet Information Services (IIS) Manager
  5. From the left menu, click the corresponding server name
  6. In the Features pane (middle pane), under Security, double-click Server Certificates
  7. From the Actions pane (right pane), select Complete Certificate Request
  8. Provide the location of the certificate file and the friendly name
    NOTE: Friendly name is a reference name for quick identification of the certificate for the Administrator.

    With a Wildcard certificate, you want to make sure to give it a wildcard friendly name. Example: *.symantec.com.

    IIS 7.X  will not let you set an SSL host header unless the friendly name starts with * when you bind your certificate to your sites.

    You can see in this example how the binding will look later if you do not give the certificate a wildcard friendly name:

    At this point the server may respond with one of the two known errors;

    CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267) 
    Click SO26275 for the resolution to this message.

    or

    Cannot find the certificate request associated with this certificate file. 
    A certificate request must be completed on the computer where it was created. 
      
              
    Click SO12089 for the resolution to this message.

 

If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Microsoft server.

 In IIS7, you need to install the certificate and then bind the HTTPS protocol to the site.


Binding Certificate to the Web site

  1. In Windows, click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your server name > Sites > Your SSL-based site
  3. In the Actions pane, click Bindings.


     
  4. In the Site Bindings window, If there is no existing https binding, choose Add and change Type from HTTP to HTTPS
    NOTE: if there is already a https binding, select it and click Edit


     
  5. From the SSL Certificate drop down, Select the Friendly Name for the SSL certificate that will be used for this site
  6. Click OK
  7. In some cases you may need to Stop and start your Web server prior to any testing. 
    NOTE: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.


Additional Notes:

             If you do not specify an IP address when installing your SSL Certificate, the same ID will be used for all
             virtual servers created on the system.
 
            If you are hosting multiple sites on a single server, you can specify that the ID only be used for a 
            particular server IP address.


Verify certificate installation

Verify your installation with the Symantec Installation Checker



Microsoft
 
For more information, see Microsoft Support website.