» IT tipps and howto's
How To: Import SSL Certificates in Windows Server 2003/2008 and configure IIS
Last Update: September 28 2010
Being a fan of Apache I never really understood the actual usage of IIS (Internet Information Server) but sometimes
you have to play by the rules and use it for existing applications like Exchange Webmail. As IIS is supposed to be a webserver
easy to manage for click-and-play-admins (my synonym for Windows admins) I was surprised how complicated it is, to replace an
existing SSL certificate...
Open MMC via Start->Run:
In the new opened MMC Console click on File->Add/Remove Snap-in...
Another new window opens. Select Certificates on the left and click on Add:
Select Computer account:
Then select Local computer (selected by default):
Now you're back in the MMC window where Certificates have been added. Click on OK.
On the left side, open Certificates->Personal->Certificates. On the right-hand side you find the already installed certificates:
Right-click on the Certificates-folder, select All Tasks->Import... :
The Certificate Import Wizard opens, click on Next. In the following step you need to browse for your certificate:
An Explorer windows opens where you can browse where you have saved your certificate. Don't forget to set the correct certificate type, otherwise your certificate won't be shown:
Now that you have selected the certificate, click on Next:
And the Wizard doesn't stop... yet. If your private key needs a password, type it in, otherwise leave it blank like this:
Place the certificate in the 'Personal' certificate store:
Now you finally get the last Wizard page where you have to click on Finish:
And back in the MMC Console the new certificate will show up in the list:
Funny news: That was only the import part! We still need to do the IIS configuration! The configuration on Windows 2003 (IIS 6.0) and Windows 2008 (IIS 7.0) is different, so I'll show both.
IIS 7.0 on Windows 2008
Start Internet Information (IIS) Manager and right-click on the selected website, click on 'Edit Bindings...':
Click on the binding with port 443 (SSL) and click on Edit. A new window opens where you can select the SSL certificate from the list. If you have certificates with the same name, you can click on 'View' to see the certificate details:
There might appear two warnings if you want to replace the existing certificate (in case there was already a certificate before), click twice on 'Yes' in this case.
IIS 6.0 on Windows 2003
Start Internet Information (IIS) Manager and right-click on the affected web-site. Click on Properties:
In the new opened Properties window, change into the 'Directory Security' tab. At the bottom click on the button 'Server Certificate':
This launches a Wizard. On the first page, click on Next. Then select the option 'Replace the current certificate':
Now select the certificate you imported before (check the expiration date if you have several certificates with the same name). Click a few times on next until you can click on Finish.