Install an SSL/TLS Certificate in IIS 10

This how-to will walk you through installing an SSL/TLS certificate in IIS. These procedures were tested on Windows 10 in IIS 10, but will also work in IIS 7.x and 8.x.

Note: Before you install a certificate, you will first need to generate a certificate signing request (CSR) and submit it to for validation and signing. Please refer to our how-to on CSR generation in IIS 10 and guide to submitting a CSR. Note that you can also order and install SSL/TLS certificates with SSL Manager,’s free tool for Windows certificate management.

1. Download the signed certificate from your account. First, locate the order in your account and click one of the download links.

download links


2. Next, click the download link to the right of Microsoft IIS (*.p7b) in the certificate downloads table.

certificate download table


3. Start IIS Manager. One quick way to do this is by opening the Run command, then typing inetmgr and clicking the OK button.

Run window


4. Select the server in the Connections pane, on the left side of the window.

Select server


5. Double-click the Server Certificates icon, located under IIS in the center pane of the window.

Server Certificates Icon


6. Click Complete Certificate Request… in the Actions pane, on the right side of the window.

Complete certificate request...


7. The Complete Certificate Request wizard will appear. First, click the button labeled “” to open the file open dialog box.

... button


8. Navigate to the .p7b file you downloaded from Note that you will have to change the drop-down menu to the right of the File name field from *.cer to *.* to see the file.

navigate to file


9. Click the Open button.

Open button


10. Next, enter a memorable name for the certificate in the Friendly name field (here we are simply entering the certificate’s common name).

friendly name


11. Select Web Hosting from the certificate store selection drop-down menu.

web hosting


12. Click the OK button.

OK button


13. The certificate is installed! The next step is to bind the certificate to a particular website, port, and/or IP address. Please read our how-to on binding in IIS for complete instructions.

installed certificate


If you received an error message about the private key/certificate request being missing, then try the following from a Command Prompt opened as Administrator (substitute “serial number” with your certificate’s actual serial number, in quotes, including spaces):

certutil -repairstore my "serial number"

Detailed instructions are available here.

Thank you for choosing! If you have any questions, please contact us by email at, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page.