IIS7.0&8.

0SSL Certificate Deployment Guide

StartCom CA Limited

StartCom CA Limited

Contents
1.The environment for installing the SSL certificate..................................................................... 3
1.1 Brief introduction of SSL certificate installation environment ....................................... 3
1.2 Network environment requirements ................................................................................ 3
2.Generate the CSR ....................................................................................................................... 4
2.1 Generate the private key files and CSR files ................................................................... 4
2.2 Complete the production of the private key and CSR file ............................................... 6
2.3 Submit CSR file ............................................................................................................... 7
3.Import SSL certificate................................................................................................................. 8
3.1 Get SSL certificate ........................................................................................................... 8
3.2 Import SSL certificate...................................................................................................... 8
3.3 Binding server certificate ................................................................................................. 9
3.4 Test the SSL certificate. ................................................................................................. 10
4.Backup of SSL certificate ......................................................................................................... 11
5.Restore of SSL certificate ......................................................................................................... 13

StartCom CA Limited

1.The environment for installing the SSL certificate

1.1 Brief introduction of SSL certificate installation environment
IIS7.0 or 8.0
A website
SSL certificate

1.2 Network environment requirements

Please ensure the site is a legitimate e domain address, which can normal access by typing its
domain name http://XXX.

StartCom CA Limited

2.Generate the CSR

2.1 Generate the private key files and CSR files
Enter the IIS Manager, and select the server certificate settings option like following figures.

Click Create Certificate Request.

StartCom CA Limited

Fill in the certificate details.

Select the bit length of the key, default length is 1024, please select the 2048 or 4096 to ensure
the encryption strength. Encryption services choose the default one, andClick "next",

StartCom CA Limited

2.2 Complete the production of the private key and CSR file
After generate the CSR file, it is recommended that you test the generated CSR file is correct,
please click here to test your CSR file. Please send the CSR file to StartCom. Please do not do
any change of your server and wait for the certificate issued.

StartCom CA Limited

2.3 Submit CSR file

When you apply the certificate on https://startssl.com/Account, submit your CSR.

StartCom CA Limited

3.Import SSL certificate

3.1 Get SSL certificate
You will get a zip file after you apply the certificate from StartCom successfully. Then you extract
the file, you will get 4 files. After we extra the IIS Server.zip, we can get 2 certificates.

3.2 Import SSL certificate

Back to server certificate, click Complete Certificate Request.

Upload 2_domian.com.crt to your server. Click "Browse" to select the Certificate and set a
Friendly name for the certificate, complete the import of the certificate.

StartCom CA Limited

Import the intermediate certificate in your local mmc.

Start Run MMCStart console Select menu file Add / remove management unit
Select the certificate in the listclick add choose Computer account Click Finish. On the
left side of the console display certificate tree list, choose Individual certificate. Right click,
choose All tasks Import. Import 1_Intermediate.crt into the Intermediate Certification
Authorities.

3.3 Binding server certificate

Open the IIS manager panel, find the site to be deployed certificate, click on the "binding".

Figure 3

StartCom CA Limited

Setting parameters
Select binding add Type selection HTTPS Port 443 SSL certificate the name of
the imported certificate Determine, SSL default port 443 port.
(Please don't make any changes. If you use other ports such as: 8443, you must enter the
https://www.domain.com:8443.)

3.4 Test the SSL certificate.

Input the address in browser address bar: https://domain.com (the domain of the applied SSL
certificate) Test your SSL certificate is installed successfully or not. If successful, the browser
address bar will display a safety lock sign.
You could test your websites certificate and configuration by https://www.ssllabs.com/ssltest/.

10

StartCom CA Limited

4.Backup of SSL certificate

When you have finished installing the certificate, please backup your certificate as follow.
1. Back to Console1, go Certificates (Local Computer)PersonalCertificates, choose your
certificate just you have installed. Right click All Tasks Export.

Figure 12
2. Then attend to check Yes, export the private key, click next.

3. Check Include all certificates in the certification path if possible, click next.

11

StartCom CA Limited

4. Type and confirm your password, Specify a name and path of this file, you will get a certificate
PFX format, keep these in mind.

12

StartCom CA Limited

5.Restore of SSL certificate

1. Go Certificates (Local Computer) Personal Certificates, right click Certificate select
Import as follow.

2. According to the certificate Import Wizard, import the PFX format certificate to Automatically
select the certificate store based on the type of certificate, type your password of certificate,
finish import certificate.

3. Open the IIS manager panel, Binding certificate again.

13