How to install SSL/ TLS on IIS?

Question

After generating the CSR and receiving the SSL/TLS certificates from the certificate authority. now, you need to install each certificate on the Web Server (IIS).

• Personal certificate
• Intermediate certificate
• Trusted root certificate

How to install the Personal certificate on IIS?

1. Double-click on the certificate with a .cer or .crt extension to import it.
2. Click "Install Certificate".

3. Choose store location Local Machine then Next

4. Allow the app to make changes to the device.

5. Choose the certificate store place click browse and choose the type of the certificate file here we will choose Personal

6. Click Finish to complete importing the certificate and a success window will be shown

In the same server that the CSR were created, after installation the personal certificate will be added automatically in the IIS.

Now you have to install the Trusted Root and Intermediate certificates.

 How to install the Trusted Root certificate on IIS?

1. Double-click on the certificate with the .cer or .crt extension to import it
2. Click Install Certificate 

3. Choose store location Local Machine then Next

4. Allow the app to make changes to the device

5. Choose the certificate store place click browse and choose the type of the certificate file here we will choose Trusted Root Certification Authorities

6. Click Finish to complete importing the certificate and a success window will be shown

How to install an Intermediate certificate on IIS?

1. Double-click on the certificate with the .cer or .crt extension to import it
2. Click Install Certificate 

3. Choose store location Local Machine then Next

4. Allow the app to make changes in the device

5. Choose the certificate store place click browse and choose the type of the certificate file here we will choose Intermediate Certification Authorities

6. Click Finish to complete importing the certificate and a success window will be shown

---

How to add the certificates to other servers?

To add the certificates to other servers, follow these steps:

1. In the server where the CSR was created and the personal certificate was added, from the server certificate list choose the certificate that has just been added and click Export which will create a .pfx certificate.

2. Choose where to store the exported certificate and add the password to be secure.

 

3. Copy and paste the exported personal certificate in other servers and install it same as previous steps but has additional steps:

• 1. Double-click on the certificate with the .cer or .crt extension to import it
  2. Click install certificate 

  

  3. Choose store location Local Machine then Next

  

  4. Allow the app to make changes to the device

  

  5. Specify the file name that you want to import then Next

  

  6. Enter the password for the private key that was assigned during the export process then Next

  

  7. Choose the certificate store place click browse and choose the type of certificate Personal

  

  8. Click Finish to complete importing the certificate and a success window will be shown

  

You need to install the Trusted Root and intermediate certificates in all servers

4. In the Server Certificates go to complete certificate request

• • • Add the location of the personal certificate file
    • Enter the reference name for the certificate under Friendly Name to be added to the certificate list
    • Select Personal in the certificate store and click OK.

    

Now, the certificate should be added in the Server Certificates and you can bind it to the desired site.

---

See Also

• Introduction to Microsoft IIS
• How to install IIS in Windows 11?
• How to create a Certificate Signing Request (CSR)?