Solution

How do I install a Standard EV or Secure Site EV certificate on a Microsoft IIS 5 or IIS 6 server?

Solution ID:    SO8642
Version:    1.0
Published:    March 25, 2008

Problem

How to install  a Standard EV SSL or Secure Site EV SSL certificate on a Microsoft IIS 5 or IIS 6 server

Resolution

To install a Standard EV SSL or Secure Site EV SSL certificate on a Microsoft IIS 5 or IIS 6 server, perform the following steps:

Installing an SSL Certificate

IMPORTANT:

In order for your SSL Certificate to function properly, you must download and install the VeriSign Intermediate CA Certificate on your Web server. Microsoft Internet
Information Services (IIS) 5.0 and above automatically installs the Intermediate CA Certificate when you install the SSL Certificate and does not require separate installation.
  1. Obtain your EV SSL Certificate using one of the following methods:

    • From the Approval email as a cert.cer attachment. If the attachment has been stripped from the email, retrieve the certificate from the body of the Approval email. For instructions on retrieving the certificate from the body of the email see solution SO2132
    • Download the Certificate from your account
      • To download your Secure Site EV Certificate from your VeriSign Certificate Center account, see solution SO8061
      • To download your Standard EV SSL Certificate from your Managed PKI for SSL subscriber services page, see solution SO6621
         
  2. Open the Internet Services Manager (IIS). Click Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manger
  3. Under Web Sites, right-click your web site and select Properties
  4. Click the Directory Security tab
  5. Under Secure Communications, click Server Certificate
  6. The Web Site Certificate Wizard will open, click Next

    Important: The pending request must match the response file. If you deleted the pending request in error you must generate a new CSR and replace this certificate

  7. Choose Process the Pending Request and Install the Certificate, then click Next
  8. Select the location of the certificate response file, and then click Next
  9. Read the summary screen to be sure that you are processing the correct certificate and then click Next
  10. You see a confirmation screen. After you read this information, click Next.
  11. Stop and start your Web server prior to any testing
  12. Be sure to assign your site an SSL port (443 by default)
  13. If you do not specify an IP address when installing your SSL Certificate, the same ID will be used for all virtual servers created on the system
  14. If you are hosting multiple sites on a single server, you can specify that the ID only be used for a particular server IP address
     

Note: Now that you have installed your EV SSL certificate, VeriSign recommends that you export/back up your certificate. For instructions on how to back up your certificate see solution SO911

Note: If you need to migrate the EV SSL Certificate from one Microsoft IIS 5.0 or above server to another Microsoft IIS 5.0 or above server see solution SO2165

Disclaimer:

VeriSign, Inc. has made efforts to ensure the accuracy and completeness of the information in this document. However, VeriSign, Inc. makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. VeriSign, Inc. assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, VeriSign, Inc. assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. VeriSign Inc. reserves the right to make changes to any information herein without further notice.