HOW TO: Install Imported Certificates on a Web Server in Windows Server 2003


For a Microsoft Windows 2000 version of this article, see
310178 .



This step-by-step article describes how to import a Web site certificate into the certificate store of the local computer and assign the certificate to the Web site.

back to the top

Install the Certificates

The Windows 2003 Internet Information Server (IIS) 6.0 supports Secure Sockets Layer (SSL) communications. A whole Web site, a folder on the Web site, or a particular file that is located in a folder on the site can require a secure SSL connection. However, before the Web server can support SSL sessions, a Web site certificate must be installed.
You can use one of the following methods to install a certificate in IIS 6.0:
  • Make an online request by using the IIS Web Server Certificate Wizard and install the certificate at the time of the request.
  • Make an offline request by using the IIS Web Server Certificate Wizard and obtain and install the certificate later.
  • Request a certificate without using the IIS Web Server Certificate Wizard.

Note If you use the second or third method, you must install the certificate manually.

To install the Web site certificate, you must complete the following tasks:
  • Import the certificate into the computer's certificate store.
  • Assign the installed certificate to the Web site.
back to the top

Import the Certificate into the Local Computer Store

To import the certificate into the local computer store, follow these steps:
  1. On the IIS 6.0 Web server, click Start, and then click Run.
  2. In the Open box, type
    mmc, and then click OK.
  3. On the File menu click Add/Remove snap-in.
  4. In the Add/Remove Snap-in dialog box, click Add.
  5. In the Add Standalone Snap-in dialog box, click Certificates, and then click
  6. In the Certificates snap-in dialog box, click Computer account, and then click
  7. In the Select Computer dialog box, click
    Local computer: (the computer this console is running on), and then click Finish.
  8. In the Add Standalone Snap-in dialog box, click Close.
  9. In the Add/Remove Snap-in dialog box, click OK.
  10. In the left pane of the console, double-click
    Certificates (Local Computer).
  11. Right-click Personal, point to All Tasks, and then click Import.
  12. On the Welcome to the Certificate Import Wizard page, click Next.
  13. On the File to Import page, click
    Browse, locate your certificate file, and then click
  14. If the certificate has a password, type the password on the
    Password page, and then click
  15. On the Certificate Store page, click
    Place all certificates in the following store, and then click
  16. Click Finish, and then click
    OK to confirm that the import was successful.
back to the top

Assign the Imported Certificate to the Web Site

  1. Click Start, point to
    Administrative Tools, and then click Internet Information Services (IIS) Manager.
  2. In the left pane, click your server.
  3. In the right pane, double-click Web Sites.
  4. In the right pane, right-click the Web site you want to assign the certificate to, and then click
  5. Click Directory Security, and then click
    Server Certificate.
  6. On the Welcome to the Web Certificate Wizard page, click Next.
  7. On the Server Certificate page, click
    Assign an existing certificate, and then click
  8. On the Available Certificates page, click the installed certificate you want to assign to this Web site, and then click
  9. On the SSL Port page, configure the SSL port number. The default port of 443 is appropriate for most situations.
  10. Click Next.
  11. On the Certificate Summary page, review the information about the certificate, and then click
  12. On the Completing the Web Server Certificate Wizard page, click Finish, and then click
You can now configure Web site elements to use secure communications.

back to the top