Header RSS Feed
 
» IT tipps and howto's

How To: Import SSL Certificates in Windows Server 2003/2008 and configure IIS

Last Update: September 28 2010

Being a fan of Apache I never really understood the actual usage of IIS (Internet Information Server) but sometimes you have to play by the rules and use it for existing applications like Exchange Webmail. As IIS is supposed to be a webserver easy to manage for click-and-play-admins (my synonym for Windows admins) I was surprised how complicated it is, to replace an existing SSL certificate...

Open MMC via Start->Run:
Windows import SSL certificates

In the new opened MMC Console click on File->Add/Remove Snap-in...
Windows import SSL certificates

Another new window opens. Select Certificates on the left and click on Add:
Windows import SSL certificates

Select Computer account:
Windows import SSL certificates

Then select Local computer (selected by default):
Windows import SSL certificates

Now you're back in the MMC window where Certificates have been added. Click on OK.
Windows import SSL certificates

On the left side, open Certificates->Personal->Certificates. On the right-hand side you find the already installed certificates:
Windows import SSL certificates

Right-click on the Certificates-folder, select All Tasks->Import... :
Windows import SSL certificates

The Certificate Import Wizard opens, click on Next. In the following step you need to browse for your certificate:
Windows import SSL certificates

An Explorer windows opens where you can browse where you have saved your certificate. Don't forget to set the correct certificate type, otherwise your certificate won't be shown:
Windows import SSL certificates

Now that you have selected the certificate, click on Next:
Windows import SSL certificates

And the Wizard doesn't stop... yet. If your private key needs a password, type it in, otherwise leave it blank like this:
Windows import SSL certificates

Place the certificate in the 'Personal' certificate store:
Windows import SSL certificates

Now you finally get the last Wizard page where you have to click on Finish:
Windows import SSL certificates

And back in the MMC Console the new certificate will show up in the list:
Windows import SSL certificates

Funny news: That was only the import part! We still need to do the IIS configuration! The configuration on Windows 2003 (IIS 6.0) and Windows 2008 (IIS 7.0) is different, so I'll show both.

 

IIS 7.0 on Windows 2008

Start Internet Information (IIS) Manager and right-click on the selected website, click on 'Edit Bindings...':
Windows import SSL certificates

Click on the binding with port 443 (SSL) and click on Edit. A new window opens where you can select the SSL certificate from the list. If you have certificates with the same name, you can click on 'View' to see the certificate details:
Windows import SSL certificates

There might appear two warnings if you want to replace the existing certificate (in case there was already a certificate before), click twice on 'Yes' in this case.

 

IIS 6.0 on Windows 2003

Start Internet Information (IIS) Manager and right-click on the affected web-site. Click on Properties:
Windows import SSL certificates

In the new opened Properties window, change into the 'Directory Security' tab. At the bottom click on the button 'Server Certificate':
Windows import SSL certificates

This launches a Wizard. On the first page, click on Next. Then select the option 'Replace the current certificate':
Windows import SSL certificates

Now select the certificate you imported before (check the expiration date if you have several certificates with the same name). Click a few times on next until you can click on Finish.


Go to Homepage home
Linux Howtos how to's
Monitoring Plugins monitoring plugins
Links links

Valid HTML 4.01 Transitional
Valid CSS!
[Valid RSS]

6979 Days
until Death of Computers
Why?