Blog Post

IIS Support Blog
1 MIN READ

Installing server certificates manually in IIS

Jawahar Ganesh S's avatar
Jawahar Ganesh S
Icon for Microsoft rankMicrosoft
Apr 03, 2019

I wanted to quickly summarize the mostly used methods to install a server certificate on the IIS server manually (If we have a private key certificate - a pfx file) for quick reference:

 

Using IIS Manager:

 

  1. On the IIS Manager at the server level, locate the “Server Certificates” icon and double-click it

 

  1. Locate the “Actions” pane on the ride side and click “Import”
  2. This will open up the Import dialog box

 

  1. Provide the .pfx file full path, password for the keys and click OK. This will install the certificate for you.

 

Using MMC:

 

  1. Open MMC
  2. Click File -> Add/Remove Snap-in
  3. Select Certificates and click Add
  4. Select Computer account for the snap-in and click Next
  5. Click Local computer and click Finish

 

  1. In the MMC console, expand Certificates (Local Computer)
  2. Right Client on Personal -> All Tasks -> Import

 

  1. Select the pfx certificate in the certificate import wizard and click next
  2. Provide the password for the certificate, click Next
  3. Select the store as Personal, click Next and Finish
Published Apr 03, 2019
Version 1.0

2 Comments

Sort By
  • rnh190's avatar
    rnh190
    Copper Contributor
    Oct 24, 2024

    After installing the "self-signed" cert above, and tweaking the IIS "Binding" settings, it seems that we can get a browser page up with Https with the Chrome browser saying it is "secure".  Doing the same with Edge got stuck with IIS going crashing.  Need to do more work at our end testing to figure out what is going on here.  Our app has a configuration to select either "http" or "https" with the latter having been disabled until the Win 11 update issue. Ideally we can get it working with either on Win 10 and Win 11 pre/post release 24H2.   But it will be pain coaching users through the installation of a self-signed cert unless we can programmatically do that.  Long term we might replace the browser interface with an app (lot of work!)

  • rnh190's avatar
    rnh190
    Copper Contributor
    Oct 24, 2024

    I had windows make a "self-signed" cert, which was saved with a ".cer" suffix under c:\windows\system32.

    Then imported it to personal store, no prompt for password, set to "enable for all purposes for this certificate".

    First, is anything wrong with the above?

    If so, what?

     

    My usage of the IIS is for is to host browser pages that are accessed as a user software interface only on the local computer or a computer on the local network. 

     

    It seems that the Win 11 24H2 windows update is now requiring any webpage hosted by IIS, even on the local machine/local network be accessed using "https" rather than "http", necessitating this certificate.  Or am I missing something here?  Prior to that Win update, Windows IIS and the browsers have been perfectly fine with supporting "http" access.