Before You Begin
You will need these three files from your SSL certificate download:
Installation Steps
-
Convert to PFX
IIS requires a .pfx file combining certificate and private key. Convert using OpenSSL.
openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt -
Open IIS Manager
Open IIS Manager from Server Manager or the Start menu and select your server name.
-
Open Server Certificates
Double-click Server Certificates in the IIS section panel.
-
Import the PFX
Click Import in the Actions pane, browse to your .pfx file, and enter the export password.
-
Open Site Bindings
Expand Sites, select your website, and click Bindings in the Actions pane.
-
Add HTTPS binding
Click Add, set Type to https, port 443, and select your imported certificate from the dropdown.
-
Apply and verify
Click OK, then browse to https://yourdomain.com to confirm the padlock appears.
Common Issues
- The password you entered is incorrect
- When importing the PFX, IIS requires the exact password you set during the OpenSSL export step. If you have forgotten the password, re-run the
openssl pkcs12 -exportcommand and set a new password. - Certificate does not appear in the dropdown
- Verify that you imported the certificate under the correct server node in IIS Manager, not just into the local machine certificate store via MMC. Navigate to the server root, open Server Certificates, and import from there.
- ERR_SSL_PROTOCOL_ERROR
- TLS 1.2 may be disabled on your Windows server. Enable it through the registry or use the IIS Crypto tool (by Nartac Software) to enable TLS 1.2 and TLS 1.3 with one click.
Frequently Asked Questions
Certificate Installed? Set Up Expiry Monitoring.
Get an email reminder 14 days before your certificate expires - free, no account needed.