Installation Instruction for Microsoft IIS 7.0 and 7.5

Solution ID:    SO9071    Updated:    06/05/2017

Solution

 This document provides instructions for installing SSL Certificates into IIS 7.x. If you are unable to use these instructions for your server, Symantec recommends that you contact Microsoft.

Symantec now offers the Symantec SSL Assistant to make it easy to generate a CSR and install a certificate for Microsoft IIS 7.0 servers running .NET 2.0 or higher.
 

Watch a video demo to easily install an SSL Certificate on a Microsoft IIS 7.0 server

NOTE:If you are unable to view the video player, please click here to view from the video's web page.

 

This solution contains two methods to install your SSL Certificate:

Method 1: Installing the certificate received via e-mail.

Method 2 (recommended): Installing the certificate downloaded from the Symantec Trust Center account.
 
 
Method 1: Download and Install SSL certificate sent via e-mail
 
Step 1: Obtain the SSL certificate sent via email:
 
         Your Symantec certificate will be sent via email. The certificate is imbedded in the body of the email.
         Copy the SSL certificate and make sure to copy the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- header and footer
         Ensure there are no white spaces, extra line breaks or additional characters.
         Use a plain text editor such as Notepad, paste the content of the certificate and save it with extension .txt 

         NOTE: If you selected Microsoft IIS  5.0 or above during enrollment, continue with the installation from here.


          If you are not sure which server software was selected during the enrolment, proceed with Step 2 bellow.
          
Step 2: Download and Install the Intermediate CAs:
 
          To download and install the Intermediate CAs follow the steps from this link: SO13415 .
 
Step 3: Install the SSL certificate:
 
          To proceed with the installation steps for your SSL certificate click here.
Step 1: Download the SSL certificate from Symantec Trust Center account:

          Download the certificate from Symantec Trust Center by following the steps from this link: SO8061
 
          Make sure you download the certificate in PKCS#7 format and save it with the extension .txt or .p7b

Step 2: Install Certificate:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. From the left menu, click the corresponding server name
  3. In the Features pane (middle pane), under Security, double-click Server Certificates
  4. From the Actions pane (right pane), select Complete Certificate Request
  5. Provide the location of the certificate file and the friendly name
    NOTE: Friendly name is a reference name (e.g. hostname.symantec.com) for quick identification of the certificate for the Administrator.

         NOTE: With a Wildcard certificate, you want to make sure to give it a wildcard friendly name. Example: *.symantec.com.

         IIS 7.X  will not let you set an SSL host header unless the friendly name starts with * when you bind your certificate to your sites.

      

At this point the server may respond with one of the two known errors;

CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267) 
Click SO10035 for the resolution to this message.

or

Cannot find the certificate request associated with this certificate file. 
A certificate request must be completed on the computer where it was created. 
  
          
Click SO12089 for the resolution to this message.

 

 In IIS7, you need to install the certificate and then bind the HTTPS protocol to the site


Step 3: Binding certificate to the web site:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your server name > Sites > Your SSL-based site
  3. In the Actions pane, click Bindings.


     
  4. In the Site Bindings window, If there is no existing https binding, choose Add and change Type from HTTP to HTTPS
    NOTE: if there is already a https binding, select it and click Edit


     
  5. From the SSL Certificate drop down, Select the Friendly Name for the SSL certificate that will be used for this site
     
  6. Click OK


Step 4:  Verify certificate installation:

  1. Verify your installation with the Symantec Installation Checker
  2. In some cases you may need to Stop and start your Web server prior to any testing. 
    NOTE: In some cases the changes may not take place after restarting IIS Services and a reboot is needed.



Additional Notes:

             If you do not specify an IP address when installing your SSL Certificate, the same ID will be used for all
             virtual servers created on the system.
 
            If you are hosting multiple sites on a single server, you can specify that the ID only be used for a 
            particular server IP address.

Microsoft Support
 
            For more information, contact Microsoft.

 

Disclaimer:

Terms of use for this information are found in Legal Notices

Contact Support

Find Answers

Languages