How to Install an SSL Certificate in Windows Server 2012 R2 (IIS 8.5)?

How to Install an SSL Certificate in Windows Server 2012 R2 (IIS 8.5)?

As Microsoft’s newest server platform, Windows Server 2012 R2 makes big changes in the way that an SSL certificate is requested and installed. The following instructions will teach you how to order an SSL certificate from a certificate authority and then install it in IIS 8.5 for your Windows VPS or dedicated server.

Install an SSL Certificate in IIS 8.5

Generally Windows Server 2012 R2 brings a set of new features that expand on the existing capabilities of Windows Server 2012. Its IIS 8.5 makes it much easier to install an SSL certificate on a Windows server, and the job can be done quickly through the listed steps and suggestions.

Step 1 – Create the “Certificate Signing Request”
Before ordering an SSL certificate, you should firstly generate a certificate signing request. Here is a quick checklist of what you need to do in this process.

  1. To do so, just enter the “Start” menu and then type in “iis” in the search box. Just click to enter “Internet Information Services Manager” as below.
  2. Enter IIS Manager

  3. Make a hit on the server name from the left-hand “Connections” column. This will open a management page where you can locate and double-click this “Server Certificates” option.
  4. Choose Server Certificate

  5. Within the right-hand “Actions” column, choose to “Create Certificate Request”.
  6. Create Certificate Request

  7. In this “Distinguished Name Properties” window, enter the following certificate related information. Do remember to press the “Next” button to proceed.
  8. Enter Distinguished Name Properties

    • Common Name – is the FQDN (fully qualified domain name) or URL of your server. This should be exactly what you type in the web browser, or a “Name Mismatch Error” will occur.
    • Organization – is the name in which your organization is legally registered. This shall not be abbreviated but can include suffixes like “Corp”, “LLC” and “Inc.” If you want to enroll as an individual, just fill in the certificate register’s name.
    • Organizational Unit – is the division of your organization, such as “Engineering” or “Information Technology”. Note that, most CAs won’t validate this field.
    • City/Locality – is the full name of the city where your organization is registered. This shouldn’t be abbreviated.
    • State/Province – is the state/province where your organization is registered. Do not abbreviate it.
    • Country/Region – is the two-letter “International Standards Organization” (ISO) format for the country/region where your organization is registered.
  9. In the next screenshot, set “Microsoft RSA SChannel Cryptographic Provider” to this “Cryptographic Service Provider”. In the meantime, change the default “Bit Length” from 1024 to 2048 bit or higher.
  10. Set Service Provider Properties

  11. The last step is to click the ellipsis button so that you can select file name and location for this CSR (Certificate Signing Request). Do not forget to press the “Finish” button.
  12. Select File Name & Location

  13. Now that you’ve generated a CSR file, it’s time to use it to order the SSL certificate from a certificate provider. If you don’t have a favorite for now, we recommend you to go with Host4ASP.NET which offers the highest level of security and free site seal at a user-friendly price.
  14. Choose Certificate Provider

    Once you supply the necessary CSR information, their support staffs will help you install the SSL certificate within few hours.

Step 2 – Install Your SSL Certificate
To install the newly-received certificate file in II 8.5, simply copy it from the server and then refer to the steps in below:

  1. To start, you should go back to the same “Server Certificates” page to complete certificate request.
  2. Complete Certificate Request

  3. In this “Specify Certificate Authority Response” window, click the button that comes with three dots and pick out the server certificate offered by your certificate authority. Ensure that the chosen file will include a “.cer” file extension.
  4. Specify Certificate Authority Response

    Also, you should create a “Friendly Name” to keep track of the certificate afterwards. By the way, it is also possible to select a “Certificate Store” for the new certificate from the drop-down list.

  5. If nothing goes wrong, the newly-installed certificate will show up in the “Server Certificates” list. If you are notified that the private key or request cannot be found on the server, make sure that you’re using the right certificate and also installing it on the same server where the CSR file is generated.
  6. Generate a Certificate

    If you’re pretty sure about the two things, you will have to create another “Certificate Request” and replace the current certificate. It is advisable to seek professional assistance from your certificate provider.

Step 3 – Bind the Certificate to Your Website
From the home page of “IIS Manager”, expand the “Sites” folder so that you can choose a website to bind the certificate to. Here, simply click on the “Bindings” link from “Actions” column on the right.

Click Bindings Link

Click the “Add” option as long as a “Site Bindings” window pops up. Just set the “Type” to “https” and select “All Unassigned” in the drop-down list of “IP Address”. For “Port”, you should input 443 unless you’re using a non-standard port for the SSL traffic. Note that, a “Host Name” is also required in this binding process.

Click Add Butoon

Having checked all settings, you can hit on the “Close” button to complete the installation of an SSL certificate. If there are no bugs or problems, your website will be customized to accept secure connections.

Step 4 – Install an Intermediate Certificate
As most certificate authorities would issue an intermediate certificate, you also need to install such a certificate on the webserver or visitors will encounter a “Certificate Not Trusted Error”. Assuming that you’ve purchased an intermediate certificate, below are the instructions to install it:

  1. Firstly, download the needed intermediate certificate to a folder on the webserver.
  2. Then, double-click this certificate to view the certificate details.
  3. In the “General” tab, click to “Install Certificate” as follows. Once the “Certificate Import Wizard” is completed, click the “Finish” button to end the whole process.

Complete Certificate Import Wizard


  1. If your website can not be accessed via “https”, this SSL Checker can help you diagnose common issues.
  2. A good way to check whether your website is publicly accessible is testing it with Firefox and Internet Explorer. If you receive a message saying that this website is not available now, the chances are that the IIS 8.5 may not be listening on 443 port. If it takes a long time for your web request, there will be a firewall blocking traffic on port 443.
  3. Note for ISA Servers (Internet Security and Acceleration Server). If your ISA 2004 or 2006 server cannot send the intermediate certificate, then you need to reboot the server. In most instances, ISA server won’t send the intermediate certificate properly until after a reboot.
  4. More useful guides for operations on IIS 8 or 7 are available on this page.
  5. Top ASP.NET Hosting Guides