picture of tbs certificates
picture of tbs certificates
Our products range

Install a PFX file on IIS7 or IIS8

This procedure allows you to install a PFX file. This file can be generated in the case of a server migration, or when creating a backup file.

If you have generated your private key with our Keybot tool ("Automatic" method), you can generate a PFX file directly from the certificate status page, by clicking on the "Generate PFX/PEM" button (more info on Keybot).

NB: This procedure also applies if you have a PKCS#12 file with a .p12 extension containing your certificate, its private key and its certification chain. Indeed, the .pfx and .p12 extensions correspond to the same type of file.

1- Launch the MMC

  • Click  Start, select   Run and enter mmc
  • Click   File and select   Add/Remove Snap in
  • Click   Add, select   Certificates in the   Standalone Snap-in list and click   Add
  • Select   Computer Account and click   Next
  • Select   Local Computer and click   Finish
  • Close the window and click OK in the upper window

2- Import the PFX file

  • Go to the Personal Certificates repertory
  • Right click on it and select All tasks > Import
  • Via the wizard, search for your .pfx file
  • Enter your.pfx opening password
  • check the box to "Mark this key as exportable"
  • Finally, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
  • Click Finish
  • Close the MMC

3.1 - Bind the certificate in IIS 7

  • Go to the Administrative Tools, then Internet Information Services (IIS) Manager and select the website among the list on the left.
  • In the Action panel, click on Bindings
  • Click New
  • Select the "https" protocol
  • Select the certificate you imported

3.2 - Bind the certificate in IIS 8

Via the web interface, the installation process is similar to IIS7. It is also possible to make the link via the PowerShell

New-WebBinding -Name "SITE_NAME" -Protocol https -Port 443 -HostHeader -SslFlags 1

The value of -SslFlags is either 0 (without SNI) or 1 (with SNI) if you use the local store (versus store in CCS which is not explained here).

You can chck the installation with

netsh http show sslcert

4- Run a test

Check the access of your website's secured pages with IE 6 and Firefox. IE 7 and Firefox 3 may display an error message to tell you the site names are not matching, as you are running a local test.

Useful links

For security matters, it is advised to:

Conversions and platforms changement: