Last updated:2021-03-15 15:36:02
This document describes how to install a certificate on an IIS6 server.
For compatibility between the server certificate and a client, install the intermediate CA certificates for the server certificate before installing the server certificate. There might be only one intermediate CA certificate for a server certificate, depending on the certificate provider.
To obtain the intermediate CA certificates:
Before installing a server certificate on an IIS server, identify whether the server has an EV root certificate. If yes, you must delete the EV root certificate. If you do not delete the EV root certificate, a client that uses an IE browser of versions earlier than IE7 cannot access the server.
To delete EV root certificates from the server:
Choose Certificates > Trusted Root Certification Authorities > Certificates.
Identify whether there is a certificate with the name VeriSign Class 3 Public Primary Certification Authority - G5 and a validity period from 2006-11-8 to 2036-7-17. If yes, delete the certificate.
Choose Certificates > Third-Party Root Certification Authorities > Certificates.
Identify whether there is a certificate with the name VeriSign Class 3 Public Primary Certification Authority - G5 and a validity period from 2006-11-27 to 2036-7-17. If yes, delete the certificate.
From the certificate issuing file, copy the content of the server certificate (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) to a text file and save it as server.cer.
After successfully installing a server certificate and completing configuration, back up the server certificate for further restoration.
Access the IIS console and select the website on which you have installed the server certificate.
Right-click the website and choose Properties.
Click the Directory Security tab and choose Server Certificate.
In the IIS Certificate Wizard, choose Import a certificate from a .pfx file and click Next.
Select the server certificate backup file and enter the password.
If you select the Mark this key as exportable option, the private key can be exported from the server later. Otherwise, the private key cannot be exported from the server later. For server certificate key security, it is recommended that you keep the certificate backup file carefully and leave the option unselected.
Use the default HTTPS listening port 443 and click Finish.
Restart IIS, use HTTPS to access the website and verify that the certificate has been restored correctly.
Did you find the above information helpful?
Please give us your feedback.
Thank you for your feedback.