HOW TO: Install Imported Certificates on a Web Server in Windows Server 2003

IN THIS TASK

• Summary
  • Install the Certificates
  • Import the Certificate into the Local Computer Store
  • Assign the Imported Certificate to a Web Site

Summary

This step-by-step article describes how to import a Web site certificate into the certificate store of the local computer and assign the certificate to the Web site.

Install the Certificates

The Windows 2003 Internet Information Server (IIS) 6.0 supports Secure Sockets Layer (SSL) communications. A whole Web site, a folder on the Web site, or a particular file that is located in a folder on the site can require a secure SSL connection. However, before the Web server can support SSL sessions, a Web site certificate must be installed.
You can use one of the following methods to install a certificate in IIS 6.0:

• Make an online request by using the IIS Web Server Certificate Wizard and install the certificate at the time of the request.
• Make an offline request by using the IIS Web Server Certificate Wizard and obtain and install the certificate later.
• Request a certificate without using the IIS Web Server Certificate Wizard.

Note If you use the second or third method, you must install the certificate manually.

To install the Web site certificate, you must complete the following tasks:

• Import the certificate into the computer's certificate store.
• Assign the installed certificate to the Web site.

Import the Certificate into the Local Computer Store

To import the certificate into the local computer store, follow these steps:

1. On the IIS 6.0 Web server, click Start, and then click Run.
2. In the Open box, type mmc, and then click OK.
3. On the File menu click Add/Remove snap-in.
4. In the Add/Remove Snap-in dialog box, click Add.
5. In the Add Standalone Snap-in dialog box, click Certificates, and then click Add.
6. In the Certificates snap-in dialog box, click Computer account, and then click Next.
7. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
8. In the Add Standalone Snap-in dialog box, click Close.
9. In the Add/Remove Snap-in dialog box, click OK.
10. In the left pane of the console, double-click Certificates (Local Computer).
11. Right-click Personal, point to All Tasks, and then click Import.
12. On the Welcome to the Certificate Import Wizard page, click Next.
13. On the File to Import page, click Browse, locate your certificate file, and then click Next.
14. If the certificate has a password, type the password on the Password page, and then click Next.
15. On the Certificate Store page, click Place all certificates in the following store, and then click Next.
16. Click Finish, and then click OK to confirm that the import was successful.

Assign the Imported Certificate to the Web Site

1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. In the left pane, click your server.
3. In the right pane, double-click Web Sites.
4. In the right pane, right-click the Web site you want to assign the certificate to, and then click Properties.
5. Click Directory Security, and then click Server Certificate.
6. On the Welcome to the Web Certificate Wizard page, click Next.
7. On the Server Certificate page, click Assign an existing certificate, and then click Next.
8. On the Available Certificates page, click the installed certificate you want to assign to this Web site, and then click Next.
9. On the SSL Port page, configure the SSL port number. The default port of 443 is appropriate for most situations.
10. Click Next.
11. On the Certificate Summary page, review the information about the certificate, and then click Next.
12. On the Completing the Web Server Certificate Wizard page, click Finish, and then click OK.

You can now configure Web site elements to use secure communications.