Installation Instructions for Microsoft IIS 7

Solution ID:    SO10517    Updated:    10/04/2016


This document was created to assist with the installation of a SSL certificate on Microsoft IIS 7. If this document can not be used within the environment, RapidSSL recommends contacting an organization that supports IIS 7.

RapidSSL now offers the GeoTrust SSL Assistant to make it easy to generate a CSR and install a certificate for Microsoft IIS 7.0 servers running .NET 2.0 or higher. As an independent subsidiary of Symantec, RapidSSL offers GeoTrust SSL Assistant as a benefit of our corporate relationship.

Watch RapidSSL's Tutorial Videos for a more visual experience!

NOTE:  If the video is not functioning as expected, please click here to go directly to the video source.


  1. Download the SSL certificate

    For RapidSSL Security Center accounts, select Microsoft as the platform.  All versions of IIS will use the PKCS#7 certificate format.

    For Partner orders and retail RapidSSL orders placed before June 2016, select PKCS#7 as the format.
  2. Click Start > Administrative Tools > Internet Information Services (IIS) Manager.
  3. From the left menu, click the corresponding server name.
  4. In the Features pane (middle pane), under Security, double-click Server Certificates.
  5. From the Actions pane (right pane), select Complete Certificate Request.
  6. Provide the location of the certificate file and the friendly name.  The Friendly Name will be displayed in the menu to bind the certifiate to the site (at a later step in this guide).

    NOTE: With a Wildcard certificate, the certificate will need a wildcard friendly name. Example: *
    IIS 7.X  will not enable host headers unless the friendly name starts with * when the certificate is bound to the site (at a later step in this guide).

    In this example how the binding will look later if you do not give the certificate a wildcard friendly name.

    Friendly name without wildcard:

    Friendly name with wildcard:

    At this point the server may respond with one of the two known errors;

    CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267) 

    Click here for the resolution to this message.


    Cannot find the certificate request associated with this certificate file.  A certificate request must be completed on the computer where it was created.

    Click here for the resolution to this message.

Step 3: Binding certificate to the web site:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager.
  2. On the Connections pane, select [Server Name] > Sites > [Site to bind the certifiate to]
  3. In the Actions pane, click Bindings.

  4. In the Site Bindings window, If there is no existing https binding, choose Add and change Type from HTTP to HTTPS

    NOTE: if there is already a https binding, select it and click Edit

  5. From the SSL Certificate drop down, Select the Friendly Name for the SSL certificate that will be used for this site
  6. Click OK

Step 4:  Verify certificate installation:

  1. To verify the SSL certificate installation, use the RapidSSL Installation Checker
  2. In some cases a Stop and Start of the site may be required prior to any testing. 

    NOTE: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.

Additional Notes:

           If an IP address is not specified when installing your SSL\TLS Certificate, the same ID will be used for all virtual servers created on the system.
           If you are hosting multiple sites on a single server, you can specify that the ID only be used for a particular server IP address.

Microsoft Support
           For more information, contact Microsoft.



RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Find Answers

Search Tips