picture of tbs certificates
picture of tbs certificates
Our products range

Install a Microsoft TMG or UAG 2010 certificate


To install a certificate on a TMG server, you must install it on the IIS server you used to generate your certificate request first.

Follow the instructions provided on this page
Install a Microsoft IIS5 or IIS6 certificate or Install a Microsoft IIS7 certificate
Retrieve the certificate and import it and then go back to this page.

Now you should see your certificate in IIS : click on the 'Display the certificate' button to check.

If you did not follow our instructions, make sure you installed the intermediate certificate if needed.

If your TMG is not on the same machine, create a .pfx file that will allow the transfer of the private key and the certificate(s). To do so, follow these instructions:
Create a backup file of your IIS5, IIS6 or IIS7 certificate and of its private key
then go back on this page.

Installation on ISA server

1- Launch the MMC

If your IIS and ISA are on the same machine, go directly to section 3.

  • Click   Start and select   Run and tape mmc
  • Click on the  File menu and select   Add/Remove Snap in
  • Click   Add, select  Certificates among the list of   Standalone Snap-in and click   Add
  • Choose   Computer Account and click   Next
  • Choose   Local Computer and click   Finish
  • Close the window and click OK on the upper window

2- Import the .pfx file

The .pfx file contains the certificate and its private key that you previously prepared.

  • Go to Personal then Certificates
  • Right click, choose All tasks then Import
  • A wizard opens. Select the file holding the certificate you want to import.
  • Then validate the choices by default
  • Make sure your certificate appears in the list and that the intermediate and root certificates are in their respective files. If not, place them in the appropriate file and replace existing certificates if needed.

3- Configure TMG

You might have to restart the machine for the modification to be taken into account.


For security matter, it is advised to:

See NARTAC, a toolthat will help you do modifications in IIS (compatible with IIS6).

There us also a powershell script to apply all those security recommandations: External link.

See as well:

Check your certificate installation with Co-Pibot:

On your certificate status page, click on the button "Check your certificate" to make sure your certificate has been correctly installed.