Installing a Certificate on IIS Servers
Last updated: 2020-02-25 16:45:00PDF
This document describes how to install an SSL certificate in IIS.
- This document uses the domain name
www.domain.comas an example.
- This document takes Windows 10 as an example. The detailed steps vary slightly by OS version.
The certificate package for the domain name
www.domain.comin the SSL Certificates Service Console has been downloaded and decompressed to a local directory.
After decompression, you can get the certificate files in the relevant types, including Nginx folders and CSR files:
- Folder name: IIS
- Folder content:
keystorePass.txtPassword file (if the private key password is set, none
- CSR file content:
The CSR file is uploaded by you or generated online by the system when you apply for the certificate and is provided to the CA. It is irrelevant to the installation.
Open the IIS Manager, select the computer name, and double-click "Server Certificates" to open it, as shown below:
In the "Actions" column to the right of the Server Certificates window, click Import, as shown below:
In the "Import Certificate" pop-up window, select the path where the certificate file is stored, enter the password, and click OK, as shown below:
If you set a private key password when applying for the certificate, enter the private key password; otherwise, enter the password in the keystorePass.txt file in the IIS folder. For more information, see Private Key Guidelines.
Select the name of a site in "Sites" and click Site Bindings in the "Actions" column on the right, as shown below:
In the "Site Bindings" pop-up window, click Add, as shown below:
In the "Add Site Binding" window, set the site type to HTTPS and the port to 443, specify the corresponding SSL certificate, and click OK, as shown below:
Once you made the addition, the new content will be available to view in the "Site Bindings" window, as shown below:
Security Configuration for Automatic Redirect from HTTP to HTTPS (Optional)
Download and install the URL Rewrite module before performing the following steps.
- For normal redirect, edit the rule in the following steps. If you have other needs, you can set it on your own.
- During the redirect from HTTP to HTTPS, if your website element contains external links or uses the HTTP protocol, the entire webpage is not completely based on HTTPS. In this case, some browsers may prompt for insecurity such as "this link is insecure" due to those factors. You can view the error reason by clicking "Details" on the insecure page.
Open the IIS Manager.
Select the site name under the site, and double-click to open URL rewrite.
Enter the "URL Rewrite" page and click Add Rule (s) In the "Actions" column on the right.
In the "Add Rule (s)" pop-up window, select Blank rule And click OK .
Go to the Edit inbound rules page.
- Name: Enter forced HTTPS.
- Matching URL: is entered manually in the pattern
- Conditions: Click To expand and click "Add" to pop up the "Add Condition" window.
- Condition input:
- Check if input string: Select "Matches the Pattern" by default.
- Pattern: Enter
- Condition input:
- Action: Enter the following parameters.
- Action Type: Select "Redirect".
- Redirect URL:
- Redirect Type: Select "See Other (303)".
Click Apply in the "Actions" column to save.
Return to the "Sites" page and click Restart in the "Manage Website" column on the right. Then, the website can be accessed using
If anything goes wrong during this procedure, contact us.