Windows IIS
      Back to home
      1. Help Center
      2. How To
      3. Windows IIS

      Install an SSL/TLS Certificate in Windows IIS 10

      Note: Before you install a certificate, you will first need to generate a certificate signing request (CSR) and submit it to SSL.com for validation and signing. Please refer to our how-to on CSR generation in IIS 10 and guide to submitting a CSR.

      Time needed: 30 minutes.

      This how-to will walk you through downloading and installing an SSL/TLS certificate from SSL.com in IIS. These procedures were tested on Windows 10 in IIS 10, but will also work in IIS 7.x and 8.x.

      1. Locate certificate order.

        First, locate the order in your SSL.com account and click one of the download links.
        Certificate order

      2. Download certificate.

        Next, click the download link to the right of Microsoft IIS (*.p7b) in the certificate downloads table.
        Download certificate

      3. Start IIS Manager.

        Start IIS Manager. One quick way to do this is by opening the Run command, then typing inetmgr and clicking the OK button.
        Run window

      4. Select server.

        Select the server in the Connections pane, on the left side of the window.
        Select server

      5. Open Server Certificates.

        Double-click the Server Certificates icon, located under IIS in the center pane of the window.
        Server Certificates Icon

      6. Click "Complete Certificate Request..."

        Click Complete Certificate Request... in the Actions pane, on the right side of the window.
        Complete Certificate Request

      7. Click ... button.

        The Complete Certificate Request wizard will appear. First, click the button labeled "..." to open the file open dialog box.
        Open file dialog

      8. Navigate to certificate file.

        Navigate to the .p7b file you downloaded from SSL.com. Note that you will have to change the drop-down menu to the right of the File name field from *.cer to *.* to see the file.
        navigate to file

      9. Open file.

        Click the Open button.
        Open button

      10. Create a friendly name.

        Next, enter a memorable name for the certificate in the Friendly name field (here we are simply entering the certificate's common name).
        friendly name

      11. Click OK.

        Click the OK button.
        OK button

      12. Finished!

        The certificate is installed! The next step is to bind the certificate to a particular website, port, and/or IP address. Please read our how-to on binding in IIS for complete instructions.

        If you received an error message about the private key/certificate request being missing, then try the following from a Command Prompt opened as Administrator (substitute "serial number" with your certificate's actual serial number, in quotes, including spaces):
        certutil -repairstore my "serial number"
        Detailed instructions are available here.

        installed certificate

      Next Steps

      For information on binding your certificate in IIS 10, read here.