Install an SSL/TLS Certificate in Windows IIS 10

Note: Before you install a certificate, you will first need to generate a certificate signing request (CSR) and submit it to SSL.com for validation and signing. Please refer to our how-to on CSR generation in IIS 10 and guide to submitting a CSR. Note that you can also order and install SSL/TLS certificates with SSL Manager, SSL.com’s free tool for Windows certificate management.

Time needed: 30 minutes

This how-to will walk you through downloading and installing an SSL/TLS certificate from SSL.com in IIS. These procedures were tested on Windows 10 in IIS 10, but will also work in IIS 7.x and 8.x.

  1. Locate certificate order.

    First, locate the order in your SSL.com account and click one of the download links.
    Certificate order

  2. Download certificate.

    Next, click the download link to the right of Microsoft IIS (*.p7b) in the certificate downloads table.
    Download certificate

  3. Start IIS Manager.

    Start IIS Manager. One quick way to do this is by opening the Run command, then typing inetmgr and clicking the OK button.
    Run window

  4. Select server.

    Select the server in the Connections pane, on the left side of the window.
    Select server

  5. Open Server Certificates.

    Double-click the Server Certificates icon, located under IIS in the center pane of the window.
    Server Certificates Icon

  6. Click “Complete Certificate Request…”

    Click Complete Certificate Request… in the Actions pane, on the right side of the window.
    Complete Certificate Request

  7. Click … button.

    The Complete Certificate Request wizard will appear. First, click the button labeled “” to open the file open dialog box.
    Open file dialog

  8. Navigate to certificate file.

    Navigate to the .p7b file you downloaded from SSL.com. Note that you will have to change the drop-down menu to the right of the File name field from *.cer to *.* to see the file.
    navigate to file

  9. Open file.

    Click the Open button.
    Open button

  10. Create a friendly name.

    Next, enter a memorable name for the certificate in the Friendly name field (here we are simply entering the certificate’s common name).
    friendly name

  11. Click OK.

    Click the OK button.
    OK button

  12. Finished!

    The certificate is installed! The next step is to bind the certificate to a particular website, port, and/or IP address. Please read our how-to on binding in IIS for complete instructions.

    If you received an error message about the private key/certificate request being missing, then try the following from a Command Prompt opened as Administrator (substitute “serial number” with your certificate’s actual serial number, in quotes, including spaces):
    certutil -repairstore my "serial number"
    Detailed instructions are available here.

    installed certificate

Next Steps

For information on binding your certificate in IIS 10, read here.

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.

Subscribe To SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.