picture of tbs certificates
picture of tbs certificates
Our products range

Generate a CSR with Microsoft IIS8.X/10.X and Windows Server 2012/2016

Import the certificate

Attention: You must not import the PFX via IIS because its import wizard cannot handle certificate chains.

  • Open the Windows launch tool with Run from the Run menu or with the keyboard shortcut Win+r. Then enter mmc and click OK.
    Dialogue Run
  • Click on the File menu and then on Add/Remove Snap-in.
    Add/Remove Snap-in
  • Click on Certificates then on Add.
    Snap-in addition
  • Select your kind of current account (Windows) the complete the information requested.
    Kind of account dialog
  • Then validate by clicking OK.
    Finalization of Snap-in addition
  • You can now open the Certificates menu to find the store that will contain your certificate. Select its sub-file Certificates. Then right click in the center part of the window and select the All tasks - Import option.
    Certificates list - All tasks menu - Import
  • Click on Next.
    Import dialog - Welcome
  • Select your pfx file. Please note that the dialog box tries to find another kind of file by default. Then click on Next.
    File - Import dialog
  • Enter the password protecting the certificate. Make sure the box Mark this key as exportable is checked. If not, you won't be able to export your key.
    Security - Export dialog
  • Select the store that will contain the certificate. It is very strongly recommended to select the Automatically select the certificate store based on the type of certificate option in order to distribute each element of the certification chain in the adequat stores.
    Store - Export dialog
  • Confirm the certificate import by clicking on Finish.
    Finalization - Export Dialog
    Success sub-dialog - Export Dialog

Bind the certificate

  • In Internet Information Services (IIS) Manager, select your site.
    Site view
  • Select Bindings option from the Actions menu on the right hand side of the window.
    Action - Bindings Menu
  • Then select Add
    Add Button
  • Then select the HTTPS protocol and the certificate you previously added.
    Binding certificate

Security recommendations

And discover IIS Crypto by NARTAC, a toolthat will help you do modifications in IIS (compatible with IIS6).

The is also a powershell script aloowing to apply all those security recommandations: external link.

See also: