This page explains how to install a certificate for most web servers running on Windows with IIS. Some other web applications may involve additional steps to install the certificate, after installing it on IIS.

1. Download the certificate from the email.
   
2. The typical file to download is the PKCS#7, Base64 encoded file. It will download a .crt file. Another option is to download the X509 Certificate only, Base64 encoded file, which is a .cer file.
   
3. Save the certificate file and upload it to the server that needs the new certificate. 
   
4. Go to the Start menu and search for "mmc.exe" and open it.
   
5. Go to File > Add/Remove Snap-In
   
6. Select Certificates and click Add.
   
7. Select Computer Account and click Next.
   
8. Select Local computer and click Finish
   
9. Click OK to finish adding the Certificates snap-in. The MMC window will display the Certificates listing in the left.
   
10. Expand Personal and click on Certificates in the left pane. The center pane will list the certificates stored on the server.
    
11. Go to Action > All Tasks > Import. Click Next and select the .crt file that was uploaded to the server.
    
12. Complete importing the certificate. It will now be listed along with the other server certificates.
    
13. Go to Server Manager > Internet Information Services (IIS) Manager.
    
14. Under Connections in the left pane, select the server and click on Server Certificates.
    
15. Click "Complete Certificate Request" on the right pane
    
16. Select the certificate file from where you saved it.
    
17. In the Friendly Name, enter the domain name of the server, (i.e. hostname.its.hawaii.edu.)
    
18. Select "Personal" as the certificate store.
    
19. After clicking OK, the new certificate will now show up in IIS.
    
20. In the left pane under Connections, expand Sites and click on Default Web Site.
    
21. Under Actions in the right pane, click on Bindings.
    
22. Select https and click Edit. The host name field can be left blank. Under SSL certificate, click the Select button to choose the new certificate from the list. To confirm that the correct certificate is selected, click on the View button. Click on OK to save and close.
    
23. Go back to the left pane and click on the name of the server, then click on Restart on the right side to restart IIS so that it loads the certificate. This will temporarily take down the website during the restart.
    
24. After IIS restarts, open up the website on a browser and view the certificate. The website's certificate should now be the new one.
    
25. After confirming that the new certificate works, we can delete the old certificate. Go back to Certificates on the MMC, and right-click to delete the old one. Restart IIS again and view the website to make sure everything is up and working.

 

^
BACK TO TOP

Use of this site implies consent with our Usage Policy | The University of Hawai‘i is an Equal Opportunity Institution
© 2015 Information Technology Services | All Rights Reserved | University of Hawai‘i System