This document describes how to install a certificate on an IIS7 server.
Prerequisites
- The certificate is in the Issued state.
- You have obtained the certificate package.
Obtain the certificate file
- Download the certificate package from the KCM console and decompress the package to obtain the .pfx file and .pem file.
- Open the .pem file in Notepad, copy the second paragraph (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) to a text file and save it with intermediate.cer as the name.
Install the certificate
The .pfx file contains the server certificate (public key) and private key information. You can directly import the file to IIS. The .cer file is the intermediate CA certificate file and must be imported to the IIS certificate management system.
Import the intermediate CA certificate
To install the intermediate CA certificate for the server certificate:
- Launch the Run command window and enter mmc to open the MMC console.
- Choose File > Add/Remove Snap-in.
- From the Available snap-ins list, choose Certificates and click Add.
- In the Certificates snap-in dialog box, choose Computer account and click Next.
- In the Select Computer dialog box, use the default settings, and click Finish.
- In the Add or Remove Snap-ins dialog box, click OK.
- In the left pane, choose Console Root > Certificates (Local Computer) > Intermediate Certification Authorities > Certificates.
- Right-click a blank area of the window and choose All Tasks > Import.
- Follow the Certificate Import Wizard to import the intermediate certificate .cer file.
- Select Place all certificates in the following store and click Next. Then, click Finish.
Import the server certificate
- In the Internet Information Services (IIS) Manager, double-click Server Certificates.
- Right-click a blank area of the window and choose Import.
- In the Import Certificate dialog box, enter the password for the .pfx file.
- Under Connections in the Internet Information Services (IIS) Manager, expand your server name, and then expand Sites.
- Right-click on a website, and then click Edit Bindings.
- In the Site Bindings dialog box that appears, click Add.
- In the Add Site Binding dialog box, add the binding information and then click OK.
- Restart the IIS website. Use HTTPS to access the website to check whether the certificate has been installed correctly.