This guide is split into 3 parts; creating a CSR, installing the certificate, and installing the intermediate certificate.
This guide also assumes you already have an SSL certificate installed, so the method is longer but will not cause any downtime and can also be used for websites without an SSL certificate installed.
Creating a CSR:
- Firstly open the IIS Manager (found within Administrative Tools in control panel) and then right click the "Web Sites" folder, once you have the right click menu open select "New". Choose "Web Site" and click next.
- On the next screen it doesn't matter what you call the website as it's not actually going to be used, on the next screen leave the IP addresses unassigned and then on the next screen select a random folder, again this doesn't matter as it's not going to be used.
- Ignore the permissions screen, just press next and then finish.
- You should now have the website we've just created in the list on the right. Right click the website and click "Properties". Click the "Directory Security" and then the "Server Certificate" option.
- Click next and then select the "Create a new certificate" option and click next, then choose the "Prepare the request now, but send it later" and click next again.
- On the IIS Certificate Wizard enter the company name and make sure the bit length selected is 2048, leave the two boxes at the bottom unchecked and click next. Fill in the information requested on the next screen and then press next. In the "Common name" box you need to put the address of the website you wish to install the certificate on and then press next. Fill in the form on the next page and then press next.
- You will now be given the option to save the CSR.
Installing the certificate:
- Firstly you need the certificate saved onto your machine, preferably in the format of *.cer.
- Once you have the certificate saved go back into the IIS Manager and right click the website you wish to install the certificate on in the left hand menu then click "Properties".
- Click the "Directory Security" tab and click "Server Certificate". Click next and then make sure "Process the pending request and install the certificate" is selected and click next once again.
- On the next screen you will need to select the certificate you've just saved, so click browse and navigate to the certificate and double click the certificate and then press next and finish.
- Your SSL certificate should now be installed. You can now delete the temporary website we created by right clicking on it within the left hand menu of IIS Manager and selecting delete.
Installing the intermediate certificate:
- Firstly the certificate needs to be saved, but this time save the certificate within a folder on the server. Please note there's two beginnings and ends within the intermediate certificate and both need to be included.
- Once saved onto the server double click on the certificate you've just saved, this will open up a certificate window. Click "Install Certificate" at the bottom of the General tab and then press next.
- Select "Place all certificates in the following store" and then click Browse.
- Check the "Show physical stores" checkbox and then expand the "Intermediate Certification Authorities" folder by clicking the plus to the left of the folder. Select the "Local Computer" folder which appears so it's highlighted, then click OK, next, and then finish.
- Once you have done this restart IIS and stop/start your website.
- Once you have completed these steps your certificate will be installed and active.