Install an SSL/TLS Certificate in Windows IIS 10

This how-to will walk you through installing an SSL/TLS certificate in IIS 10. These procedures will also work in IIS 7.x and 8.x.

Related Content

How to Change your Thales SafeNet/Gemalto Token Password

August 28, 2024

Enabling Third-Party Signing Certificates with eSigner Cloud Signing

August 7, 2024

Send a Secure Email using a S/MIME Certificate in the new Outlook for Mac

August 7, 2024

S/MIME Certificate Management with Microsoft Azure Active Directory and inTune using SSL.com Azure Integration Tool

July 23, 2024

Generate a Certificate Signing Request in Azure Key Vault

June 18, 2024

Want to keep learning?

Subscribe to SSL.com’s newsletter, stay informed and secure.

Copy article link

Note: Before you install a certificate, you will first need to generate a certificate signing request (CSR) and submit it to SSL.com for validation and signing. Please refer to our how-to on CSR generation in IIS 10 and guide to submitting a CSR. Note that you can also order and install SSL/TLS certificates with SSL Manager, SSL.com’s free tool for Windows certificate management.

Time needed: 30 minutes

This how-to will walk you through downloading and installing an SSL/TLS certificate from SSL.com in IIS. These procedures were tested on Windows 10 in IIS 10, but will also work in IIS 7.x and 8.x.

  1. Locate certificate order. First, locate the order in your SSL.com account and click one of the download links.
    Certificate order
  2. Download certificate. Next, click the download link to the right of Microsoft IIS (*.p7b) in the certificate downloads table.
    Download certificate
  3. Start IIS Manager. Start IIS Manager. One quick way to do this is by opening the Run command, then typing inetmgr and clicking the OK button.
    Run window
  4. Select server. Select the server in the Connections pane, on the left side of the window.
    Select server
  5. Open Server Certificates. Double-click the Server Certificates icon, located under IIS in the center pane of the window.
    Server Certificates Icon
  6. Click “Complete Certificate Request…” Click Complete Certificate Request… in the Actions pane, on the right side of the window.
    Complete Certificate Request
  7. Click … button. The Complete Certificate Request wizard will appear. First, click the button labeled “” to open the file open dialog box.
    Open file dialog
  8. Navigate to certificate file. Navigate to the .p7b file you downloaded from SSL.com. Note that you will have to change the drop-down menu to the right of the File name field from *.cer to *.* to see the file.
    navigate to file
  9. Open file. Click the Open button.
    Open button
  10. Create a friendly name. Next, enter a memorable name for the certificate in the Friendly name field (here we are simply entering the certificate’s common name).
    friendly name
  11. Click OK. Click the OK button.
    OK button
  12. Finished! The certificate is installed! The next step is to bind the certificate to a particular website, port, and/or IP address. Please read our how-to on binding in IIS for complete instructions.

If you received an error message about the private key/certificate request being missing, then try the following from a Command Prompt opened as Administrator (substitute “serial number” with your certificate’s actual serial number, in quotes, including spaces):
certutil -repairstore my "serial number"
Detailed instructions are available here.

installed certificate

Next Steps

For information on binding your certificate in IIS 10, read here.

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.