How to install SSL123 Certificate with its Intermidiate CA for Microsoft IIS 5, IIS 6 or IIS 7

Step – 1

For Windows Server 2003

  • Once you received the the SSL123 Certificate from the certificate authority, complete the pending certificate request as mention below but before that copy and paste the certificate received from the certificate authority into the enrollment form, open the file in a text editor that does not add extra characters (Notepad recommended) & save as “filename.cer”.
  • Open the Internet Services Manager  Start > Programs > Administrative Tools
  • Right-click on the Web site from which you had created the Key/CSR pair for.
  • Select Properties.
  • Click the Directory Security tab.
  • Under the Secure Communications section, click Server Certificate
  • This will start the Web Site Certificate Wizard.  Click Next.
  • From the Web Site Certificate Wizard, select pending certificate request. Click Next.
  • The wizard will now ask you the CSR file. Click Browse and select a location where you have save the CSR file (received from the certificate authority) click Next & then Finish.
  • IIS will then ask to confirm the port on which secure communications to the list will listen on. Leave this as port 443, and click finish.

For Windows Server 2008

  • Once you received the the SSL123 Certificate from the certificate authority, complete the pending certificate request as mention below but before that copy and paste the certificate received from the certificate authority into the enrollment form, open the file in a text editor that does not add extra characters (Notepad recommended) & save as “filename.cer”.
  • In IIS 7, click on the server name (svxxx(svxxxDataCAdmin)), then open “Server Certificates” and select the certificate you wish to complete.
  • On the taskbar to the right, click “Complete Certificate Request”
  • Select the certificate from the directory where the .cer file resides.
  • Make the friendly name “domain date” (example;www.site.com 11-12).  Click “ok”
  • After installing the .cer file you will need to assign it to the site.
  • To assign the certificate to the site you will need to right click on the site, “Edit Bindings”
  • Select the “https” binding(s) and “Edit” the binding.
  • Select the drop down window and choose the certificate that you just created.
  • If the site has not previously had a certificate installed:
  • You will need to update the bindings to allow acces to the site on port 443.
  • Navigate to your site. Click your site, then click “Bindings” on the right panel.
  • Add bind for “https://” then you will need to select the certificate from the list at the bottom of the window.

Step – 2

Download the Intermediate CA File for SSL123 from the certificate authority site & save it as .cer.

Step – 3

Create a Certificate Snap-in:

Note: Please ensure for step 8 to select ‘Computer Account’, selecting any other option will result in a failed installation.

  1. From the Web Server, Click Start > Run
  2. Type in MMC and Press Enter
  3. Click OK
  4. From the Microsoft Management Console (MMC) menu bar, Click File (in IIS 6.0) or Console (in IIS 5.0) > Add/Remove Snap-in
  5. Click Add
  6. From the list of snap-ins, Select Certificates
  7. Click Add
  8. Select Computer Account
  9. Click Next
  10. Select Local Computer (the computer this console is running on)
  11. Click Finish
  12. In the snap-in list window, Click Close
  13. In the Add/Remove Snap-in Window, Click OK

Step – 4

Install the Intermediate CA file:

  1. From the left pane, Expand the ‘Intermediate Certification Authorities’ folder
  2. Right-Click on ‘Certificates’ folder
  3. Click All Tasks > Import
  4. In the Certificate Import Wizard, Click Next
  5. Click on Browse and locate the Intermediate CA Certificate File (file you downloaded in step 2)
  6. Click Next
  7. Select option ‘Place all certificates in the following store’
  8. Click Browse button and select ‘Intermediate Certification Authorities’
  9. Click OK
  10. Click Next
  11. Click Finish

Note: For IIS 6 and below, restart the web server (IIS Admin services) for the changes to propagate immediately.  For IIS 7/7.5, a reboot or re-create of the HTTPS bindings is required for the settings to take effect.

Courtesy : thwate.com