Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Install a PFX file on IIS 5 or 6

Follow this procedure to install a pfx file. This file can be generated for a server migration or during the creation of a backup file.
NB: This procedure can also be applied to PKCS#12 files (.p12 extension) containing your certificate, its private key and the certification chain. .pfx and .p12 extensions are used for the same kind of files.

1- Launch the MMC

Direct link to launch the certificates manager:
click on Start, on execute, enter certmgr.mmc then click OK.

Or use the following procedure:
  • Click on  Start then select  Run and enter mmc
  • Click on the   File menu and select  Add/Remove Snap in
  • Choose  Add, select  Certificates in the  Standalone Snap-in list then click  Add
  • Choose  Computer Account and click on  Next
  • Choose  Local Computer and click on  Finish
  • Close the window and click OK on the previous window

2- Import the PFX file

  • Go to the personal certificates repertory
  • Right click on it and select All tasks > Import
  • Look for your .pfx via the wizard
  • Enter the .pfx password
  • Check Mark cert as exportable
  • Select Automatically place the certificates in the certificate stores based on the type of the certificate
  • Click Finish
  • Close the MMC

3 - Link the certificate in IIS 5 or 6

  • On the Start menu, click Administrative Tools.
  • Go to "Internet Information Services (IIS) Manager"
  • Right click on the website and select Properties.
  • Open the Directory Security tab.
  • Click Server Certificate. The wizard opens.
  • Choose the "Replace your current certificate" option and click Next.
  • Select the new certificate among the list (see the expiration date). click Next.
  • Read the recap and click Next.
  • It's done! Your website now uses the new certificate.

4- Run a test

Check the access of your website's secured pages with IE 6 and Firefox. IE 7 and Firefox 3 may display an error message to tell you the site names are not matching, as you are running a local test.

Common issues on Windows:
"revocation check failed"

This issue is caused by the server which wants to check the CRL when importing the certificates. If its modul, that uses WinHTTP, cannot access internet, the operation fails.

Troubleshooting: See our FAQ about OCSP protocol support

Conversions and platforms changement: