Installing an SSL certificate on Microsoft IIS 4.x

Part one: Save the certificate for your domain

1. Open the email we sent you, that contains the certificate for your domain.

2. Copy the certificate, including the --BEGIN-- and --END-- strings.

3. Paste the certificate into a blank document in a text editor.

4. Save the document. We recommend that you name it YourDomainName.crt, and save it into the same directory where your CSR and private key files are located. In many cases, this is the www directory.

   We recommend that you also back up your certificate on another computer or storage device.

Part two: Install the certificate for your domain using Key Manager

1. Go to Key Manager.

2. Click on the certificate for your domain name (usually a broken key icon with a line through it), and select "Install Key Certificate".

3. Enter the Password.

4. When you are prompted for bindings, add the IP and Port Number. "Any assigned" is acceptable if you do not have any other IIS SSL certificates installed on the Web server.
   Note: Multiple certificates installed on the same Web server will require a separate IP Address for each because SSL does not support host headers.

5. Go to the Computers menu and select the option "Commit Changes", or close Key Manager and select "Yes" when prompted to commit changes.

   The certificate for your domain name is now successfully installed. Restart the machine for your certificate to take effect.

Part three: Download and save the Root and Intermediate certificates

Root and Intermediate certificates link the certificate for your domain name to its original certification authority. In order for visitors' browsers to recognize your certificate and the security it provides, you must install the Root and Intermediate certificates.

1. Confirm which certificate you purchased, and determine which set of Root and Intermediate certificates to download.

   To confirm which certificate you purchased, review your order confirmation.

   • If you purchased SBS Instant, download set A below.

   • If you purchased SBS Secure or Secure Plus download set B below.

   A -- SBS Instant

   • Instant Validation SBS Intermediate 2 CA
   • Instant Validation AddTrust Intermediate 1 CA
   • Instant Validation UTN Global Root CA

   -OR-

   B -- SBS Secure and Secure Plus

   • Full Validation AddTrust Root CA
   • Full Validation Intermediate CA

2. Download the Root-Intermediate set for your domain name certificate. To download, right-click each certificate file name and select Save Target As.

   Save the Root and Intermediate certificates to the same directory where you saved the certificate for your domain name.

Part four: Install the Root and Intermediate certificates

In order for your visitors' browsers to recognize the certificate for your domain name, you must complete one of the following procedures. The procedure you follow depends the Service Pack that has been implemented on your machine running IIS4.

Service Pack 3:

1. Install the Root and Intermediate certificates in your Internet Explorer by opening each certificate and clicking "Install Certificate".

2. Use this IIS CA batch file to transfer all Root and Intermediate certificates from your Internet Explorer to IIS. After you save this file to your computer, rename it root2iis.bat. (see Microsoft Knowledge Base Q216339).

Service Packs 4, 5, and 6:

1. Install the Root certificate by double-clicking on the Root file (this will start an installation wizard)
2. Select Place all certificates in the following store and click browse.
3. Select Show physical stores.
4. Select Trusted Root Certification Authorities
5. Select Local Computer, click OK
6. Back in the wizard, click Next, click Finish.
7. Repeat the same for the Intermediate certificates, except choose to place the certificates in the Intermediate Certification Authorities store.
8. Reboot the Web server to complete the installation.

You may also want to read (see Microsoft Knowledge Base Q194788).