Install a certificate with Microsoft IIS8.X/10.X and Windows Server 2012/2016
Retrieve your certificate on your server
You can only use this method if you generated your CSR on Windows. If you used our tool keybot, please consult our pfx import guide.
- Retrieve your certificate in p7b format (global installation format) by following the link provided in the delivery email or via your certificate status page.
- Create the p7b file on your server, or move it there.
Import the certificate
- Launch Internet Information Services (IIS) Manager from Administrative tools.
- Select Server Certificates
- Select Complete Certificate Request in the Actions menu of the right window.
- Then select your p7b file and give it a recognizable name and a store. Then validate to add your certificate.
- It should now be available in your certificates list.
Link the certificate
- In Internet Information Services (IIS) Manager, select your site.
- Select the Bindings option of the Actions menu on the right side of the window.
- Then select Add
- Then select HTTPS protocol and the certificate you previously added.
Security recommendations
- We recommend disabling the SSLv2 and SSLv3 protocols.
- We recommend enabling HSTS (IIS configuration).
- To limit the security risks linked to the Diffie-Hellman configuration and to the Logjam vulnerability, we recommend configuring the IIS cipher suites. For more information, consult this documentation, this Microsoft documentation, and the Mozilla recommendations about compatibility (be careful: unlike the two previous links, those recommendations are not compatible with IIS).
- We also recommend disabling the RC4 and 3DES encryption algorithms. See our documentation.
And discover IIS Crypto by NARTAC, a tool that will help you make modifications in IIS (compatible with IIS6).
There is also a PowerShell script that applies all of these security recommendations: external link.
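To check whether the protocol and cipher recommendations above are actually in force on a server, the following read-only audit can be run in an elevated PowerShell session. It is an added example, not part of the original guide or of the script linked above; the registry key names are the standard Schannel ones and the function name `Get-SchannelState` is hypothetical.

```powershell
# Added example: read-only audit of the Schannel settings behind the
# recommendations above (SSLv2, SSLv3, RC4, 3DES). Nothing is modified.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Sub-keys to inspect. The RC4 key names contain "/", which the PowerShell
# registry provider treats as a path separator, so the .NET registry API
# is used instead of Get-ItemProperty / Test-Path.
$targets = @(
    'Protocols\SSL 2.0\Server',
    'Protocols\SSL 3.0\Server',
    'Ciphers\RC4 128/128',
    'Ciphers\RC4 64/128',
    'Ciphers\RC4 56/128',
    'Ciphers\RC4 40/128',
    'Ciphers\Triple DES 168'
)

function Get-SchannelState {
    param([string]$SubKey)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    # A missing key or value means no explicit setting: the OS default applies.
    if ($null -eq $key) { return 'not set (OS default applies)' }
    try {
        $enabled = $key.GetValue('Enabled')
        if ($null -eq $enabled) { return 'not set (OS default applies)' }
        # Enabled = 0 disables the protocol or cipher; any other value enables it.
        if ([int]$enabled -eq 0) { return 'disabled' }
        return 'ENABLED'
    }
    finally { $key.Close() }
}

$report = foreach ($t in $targets) {
    [pscustomobject]@{ Setting = $t; State = Get-SchannelState -SubKey $t }
}
$report | Format-Table -AutoSize

# Flag everything that is not explicitly disabled so it can be reviewed.
foreach ($row in $report) {
    if ($row.State -ne 'disabled') {
        Write-Warning "$($row.Setting): $($row.State)"
    }
}
```

Schannel settings changed with IIS Crypto or by hand show up in this report immediately but only take effect after the server is restarted.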
See also:
- Generate a CSR with Microsoft IIS8.X/10.X and Windows Server 2012/2016
- Save a certificate on Microsoft IIS8.X/10.X and Windows Server 2012/2016
- Install a pfx file with Microsoft IIS8.5 IIS8.X/10.X and Windows Server 2012/2016
- Disable an Intermediate or Root Certificate on Windows Server
- Creating a directory starting with a dot on windows
Last edited on 05/31/2019 08:52:39