Install a certificate with Microsoft IIS8.X/10.X and Windows Server 2012/2016

Retrieve your certificate on your server

You can only use this method if you generated your CSR on Windows. If you used our tool keybot, please consult our pfx importation guide.

Retrieve your certificate in format p7b (installation global format) by following the link provided in the delivery email or via your certificate status page.
Create/move the p7b file on your server.

Launch Internet Information Services (IIS) Manager from Administrative tools.
Select Server Certificates
Select Complete Certificate Request in the Actions menu of the right window.
Then select your p7b file and give it a recognizable name and a store.

Then validate to add your certificate.
It should now be available in your certificates list.

In Internet Information Services (IIS) Manager, select your site.
Select the Bindings option of the Actions menu on the right side of the window.
Then select Add
Then select HTTPS protocol and the certificate you previously added.

We recommand to disable SSLv2 and SSLv3 protocols.
We recommend enabling HSTS (IIS configuration).
To limit the security risks linked to Diffie-Helman configuration and to the Logjam vulnerability, we recommand to configure IIS Cipher suites. For more information consult this documentation and this Microsoft documentation and the Mozilla recommendations about compatibility (be carrefull, those recommendations are not compatible with IIS, contrary to the 2 previous links).
We also recommend disabling the RC4 and 3DES encryption algorithms. See our documentation.

And discover IIS Crypto by NARTAC, a toolthat will help you do modifications in IIS (compatible with IIS6).

The is also a powershell script aloowing to apply all those security recommandations: external link.