Install a Microsoft IIS5 or IIS6 certificate

You received your certificate by email. Keep it within reach.

1- Retrieve your certificate on your server

Download the overall file (.p7b) indicated in the delivery mail and save it on your desktop.

Warning: If you are using a X509 certificate (.cer) you will have to install manually intermediary certificates and root certificate. It is way faster to follow this new installation procedure.

2- Import the certificate

• Select "Administrative Tool" in the launch menu.
• Launch "Internet Services Manager" (IIS)"
• Go back on the website where you generated your certificate request (generaly the Default Web Site) and open the properties window. To do so, right click on the website or select Properties in the menu.
• Open the "Directory Security" tab.
• Click on "Server Certificate". The helper appears.
• Select the option: "Process the Pending Request and Install the Certificate". Then click Next.
• Place the filter on *.* and select the file inside which you downloaded your certificate. Click Next.
• Select the SSL port your website should be using (443 by défault) and click Next.
• Read the summary displayed on the screen and make sure you indicated the right certificate and click Next.
• You get a confirmation. Read it and click Finish. That's it!

3- Run a test

Do not forget to activate the encypherment (in the Directory security tab find the Secured communications section and click on Modify... Then tick Request a secured channel). If not non-SSL access will remain possible.

Check the access of your website's secured pages with IE 6 and Firefox.

Particular case: renew a certificate

If you are installing a certificate after a renew you probably used a temporary website to prevent an interruption of the main website. (See Renew a certificate with Microsoft IIS 5 or 6).
In that case, follow the previous instructions to import the certificate on the temporary website.

Then activate the new certificate on the main site. To do so:

• Open the properties window of the main website. To do so, right click or select Properties in the menu.
• Open the "Directory Security" tab.
• Click on "Server certificate". The helper appears.
• Select the option "Replace the certificate" then click Next.
• In the dropdown menu select your new certificate (spot it with its expiration date). Click Next.
• Read the summary displayed on the screen and make sure you indicated the right certificate and click Next.
• Done! Your main site is now using the new certificate.

Enforce 128-bit

You can enforce a 128-bit encryption even with a 40-bit guaranted certificate. To do so, in the Directory security tab find the Secured communications section and click Modify... then tick 128-bit channel.

External links

• Microsoft's official documentation for certificates under IIS6
• Microsoft SSL Diagnostics Version 1.1 (x86)
  


• Export your certificate and its private key on a Microsoft server (IIS5 / IIS6 / IIS7 / Exchange / ISA ...)
• Import a PFX file on your Microsoft server
• Install intermediary certificates or root certificates manually
• Enforce 128-bit under IIS
• IIS mixes up websites and does not launch SSL after reboot
• Install a certificate after having delated the current certificate request
• Desactivate Thawte PCA (2036) root
• Desactivate the VeriSign Class 3 Public Primary Certification Authority root - G5 (2036)