Ask a Question

How to import a PKCS#12 (.pfx) file using Microsoft IIS 5.0, 6.0, 7.0, or 8.0

Problem

Import .pfx using Microsoft IIS 5.0, 6.0, 7.0, or 8.0 server
Install .pfx using Microsoft IIS 5.0, 6.0, 7.0, or 8.0 server

Solution

To Import a backup of the Certificate and Private Key file from .pfx file follow the instructions below:

Microsoft IIS version 5.0 and 6.0

Import the Certificate

  1. Create a Microsoft Management Console (MMC) snap-in for managing certificates, as described in solution SO1849.
     
    NOTE:  You must use the Computer Account when creating the Snap-in
     
  2. Open the Microsoft Management Console (MMC).
  3. On the left pane, click Certificates.
  4. On the right pane, double-click Personal.
  5. On the right pane, right-click Certificates and select All Tasks > Import (this opens the Certificate Import Wizard). Click Next.
  6. Browse to the certificate that you want to import and click Next.
  7. Enter the password used to secure the certificate for export and then click OK.
  8. To export the certificate again from this computer, select Mark the key as exportable.
  9. Select the option Automatically select the certificate store based on the type of certificate. (This ensures all the certificates in the certification path (Root, Intermediate, and Server) are stored in the proper place. Problems may occur if a certificate is placed in the wrong store.) Click Next.
  10. Click Finish. A message confirms successful import. Click OK.


Assign the Certificate 

  1. Open the Internet Information Services (IIS) Manager: Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manger.
  2. In the Web Sites section, right-click your Web Site and select Properties.
  3. Click the Directory Security tab.
  4. In the Secure Communications section, click Server Certificate (this opens the Web Server Certificate Wizard) and then click Next.
  5. Select Assign an existing certificate and then click Next.
  6. Select the certificate to import (denoted by the Common Name) and then click Next.
  7. A summary page displays the details of the certificate that you are installing. Ensure that this information is correct and then click Next.
  8. Click Finish.
     

Check that SSL is setup on the server correctly:

  1. In the Web Site tab, the IP address field must contain the IP address (typed out) of the web site in question. If you only have one web site, then the default "All Unassigned" for your IP address will suffice.
  2. Click on the "Advanced" button next to the IP address field > make sure the SSL port number is listed under "Multiple SSL identities for this Web site" section

 

Microsoft IIS version 7.0 and 8.0

Import the Certificate

  1. Create a Microsoft Management Console (MMC) snap-in for managing certificates, as described in solution SO1849.
     
    NOTE:  You must use the Computer Account when creating the Snap-in
     
  2. Double click on Certificates (Local Computer) in the center window.
  3. Right click on the Personal Certificates Store (folder)
  4. Choose > ALL TASKS > Import
  5. Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. You will need to browse for .pfx files.
  6. Enter the password that was used when exporting the certificate to a .pfx file.
  7. Check the box to "Mark this key as exportable."
  8. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
  9. Click Finish to close the certificate wizard.
  10. Close the MMC console. In the case that you are prompted, it is not necessary to save the changes made to the MMC console.


Binding certificate to the web site

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your server name > Sites > Your SSL-based site
  3. From the Actions pane, choose Bindings
  4. In the Site Bindings window, choose Add
  5. From the Add Site Bindings window, provide the binding type
  6. Select the SSL certificate that will be used for this site
  7. Click OK


Verify certificate installation

  1. Stop and start your Web server prior to any testing.
    Note: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.
  2. To verify the SSL certificate installation, use the Thawte Certificate Installation checker utility