Installing your SSL Server Certificate - Microsoft IIS 4.x

You will receive an email from the Registration Authority when your certificate request has been approved that contains a link to a location where your certificate may be obtained.  Clicking on this link will bring up a browser window that contains the details of your issued certificate and includes a section that looks something like the following:

Copy everything you see between and including the lines that look like
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----

and paste it into an appropriately named text file e.g. myserver.crt

Step 1. Install the Server file certificate using Key Manager

• Go to Key Manager.
• Install the new IIS SSL Server certificate (e.g. myserver.crt) by clicking on the key in the www directory (usually a broken key icon with a line through it), and select "Install Key Certificate".
• Enter the Password.
• When you are prompted for bindings, add the IP and Port Number. "Any assigned" is acceptable if you do not have any other IIS SSL certificates installed on the web server.
  Note: Multiple certificates installed on the same web server will require a separate IP Address for each because SSL does not support host headers.
• Go to the Computers menu and select the option "Commit Changes", or close Key Manager and select "Yes" when prompted to commit changes.
• The new IIS SSL Server certificate is now successfully installed.
• Back up the Key in Key Manager by clicking on Key menu> Export -> Backup File. Store the backup file on the hard drive AND off the server.

Step 2. Installing the Root & Intermediate Certificates

Firstly, you need to download the CA certificates (both Root CA certificate and Issuing CA certificate) as individual files

• DER format Root CA certificate
• DER format Issuing CA certificate

ServicePack 3:

1. Install the above certificates in your Internet Explorer by opening each certificate and clicking "Install Certificate".
2. run  %SystemRoot%\system32\inetsrv\iisca.exe   to transfer all root certificates from your Internet Explorer to the IIS (see Microsoft KnowledgeBase Q216339)
3. and then restart the machine.

ServicePack 4:
Install the above certificates manually in a specicfic root store (you may also want to read (see Microsoft KnowledgeBase Q194788):

1. Install the Root CA certificate by double clicking on the corresponding file this will start an installation wizard
2. select Place all certificates in the following store and click browse
3. select Show physical stores
4. select Trusted Root Certification Authorities
5. select Local Computer, click OK
6. back in the wizard, click Next, click Finish

Repeat the same for the Issuing CA certificate.  This time however, choose Intermediate Certification Authorities instead of Trusted Root Certification Authorities.

ServicePack 5:
Same as SP4.

ServicePack 6:
Same as SP5.

Reboot the web server to complete the installation.