Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
picture of tbs certificates
picture of tbs certificates
Our products range

Install a PFX file on IIS7 or IIS8

This procedure explains how to install a pfx file. This file can be created for a server migration or during the generation of a backup file.
NB: This procedure can be applied if you have a PKCS#12 file (.p12 extension) containing your certificate, its private key and the certification chain. .pfx and .p12 extensions are referring to the same kind of files.

1- Launch the MMC

  • Click  Start, select   Run and enter mmc
  • Click   File and select   Add/Remove Snap in
  • Click   Add, select   Certificates in the   Standalone Snap-in list and click   Add
  • Select   Computer Account and click   Next
  • Select   Local Computer and click   Finish
  • Close the window and click OK in the upper window

2- Import the PFX file

  • Go to the Personal Certificates repertory
  • Right click on it and select All tasks > Import
  • Via the wizard, search for your .pfx file
  • Enter your.pfx opening password
  • check the box to "Mark this key as exportable"
  • Finally, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
  • Click Finish
  • Close the MMC

3.1 - Bind the certificate in IIS 7

  • Go to the Administrative Tools, then Internet Information Services (IIS) Manager and select the website among the list on the left.
  • In the Action panel, click on Bindings
  • Click New
  • Select the "https" protocol
  • Select the certificate you imported

3.2 - Bind the certificate in IIS 8

Via lthe web interface, the installation procedure is the same than on IIS7. You can also bind your certificate via the PowerShell

New-WebBinding -Name "SITE_NAME" -Protocol https -Port 443 -HostHeader -SslFlags 1

The value of -SslFlags is either 0 (without SNI) or 1 (with SNI) if you are using the local store (versus CCS storage that is not explained here).

You can chck the installation with

netsh http show sslcert

4- Run a test

Check the access of your website's secured pages with IE 6 and Firefox. IE 7 and Firefox 3 may display an error message to tell you the site names are not matching, as you are running a local test.

Useful links

For security matters, it is advised to:

Conversions and platforms changement: