JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus
Other activities


Install a Microsoft IIS5 or IIS6 certificate (or Exchange 2003+ for OWA service)

You received your certificate by email. Keep it within reach.

1- Retrieve your certificate on your server

Download the overall file (.p7b) indicated in the delivery mail and save it on your desktop.

Warning: If you are using a X509 certificate (.cer) you will have to install manually intermediate certificates and root certificate. It is way faster to follow this new installation procedure.

2- Import the certificate

  • Select "Administrative Tool" in the launch menu.
  • Launch "Internet Services Manager" (IIS)"
    IIS manager
  • Go back on the website where you generated your certificate request (generaly the Default Web Site) and open the properties window. To do so, right click on the website or select Properties in the menu.
  • Open the "Directory Security" tab.
  • Click on "Server Certificate". The helper appears.
    Website properties
  • Select the option: "Process the Pending Request and Install the Certificate". Then click Next.
    Request completion dialog
  • Place the filter on *.* and select the file inside which you downloaded your certificate. Click Next.
  • Select the SSL port your website should be using (443 by défault) and click Next.
  • Read the summary displayed on the screen and make sure you indicated the right certificate and click Next.
  • You get a confirmation. Read it and click Finish. That's it!

3- Run a test

Do not forget to activate the encypherment (in the Directory security tab find the Secured communications section and click on Modify... Then tick Request a secured channel). If not non-SSL access will remain possible.

Check the access of your website's secured pages with IE 6 and Firefox.

On the certificate's status page (in your tbs-certificates' center) you'll see a 'Check the certificate' button. Click it ti test the installation of your certificate.



Particular case: renew a certificate

If you are renewing your certificate, you probably have created a temporary website not to interrupt the functioning of the main website. Renew a certificate with Microsoft IIS 5 or 6).
In that case, follow the previous instructions to import the certificate on the temporary website.

Then activate the new certificate on the main site. To do so:

  • Open the properties window of the main website. To do so, right click or select Properties in the menu.
  • Open the "Directory Security" tab.
    Website properties
  • Click on "Server certificate". The helper appears.
  • Select the option "Replace the certificate" then click Next.
  • In the dropdown menu select your new certificate (spot it with its expiration date). Click Next.
  • Read the summary displayed on the screen and make sure you indicated the right certificate and click Next.
  • Done! Your main site is now using the new certificate.

Enforce 128-bit

You can impose a 128-bit encryption level even with 40-bit guaranteed certificate. To do so, in the 'Security' tab of the repertory, next to 'Secured communication' click 'Modify' and tick '128-bit channel'.

ADVICES AND RECOMMENDATIONS FROM TBS INTERNET

For security matters, it is advised to:

And discover NARTAC, a tool with which you'll be able to easily make your IIS modifications (compatible IIS6)



Possible scenario

"SSL Handcheck error" or SSL does not start

Make sure our certificate and its private key have been correctly installed. To do so, launch the MMC of your Windows server. Your certificate may have been placed in "container user" instead of " local computer" (due to a window bug).
You can troubleshoot with a local exportation and then a re-importation in the local computer.
http://support.microsoft.com/kb/939616/fr

External links