SSL certificate maximum validity is being reduced to 200 days from March 2026. Read more →

SSL Certificates

Cheap SSL DV SSL Wildcard SSL Multi-Domain (SAN) OV & EV SSL

Specialty Certificates

Code Signing Document Signing Email / S/MIME VMC / BIMI
In effect now Certificate Lifetime

Automation

Overview Auto DNS FairSSL vs Let's Encrypt

Platforms

Windows Setup Linux & Kubernetes Appliances ACME Clients

Tools

SSL Scanner Certificate Decoder CAA Generator

Guides

Windows Server Linux & Open Source All guides

Company

About Us Contact Installation Service
News

Language

Dansk Svenska English

Currency

Login Create Account
IIS / Windows Server Advanced ~3 min. read

SSL Certificate Management for IIS 7.0 and 7.5

A comprehensive guide to managing SSL certificates in Microsoft IIS 7.0 and 7.5, covering CSR generation, certificate installation, HTTPS binding, and troubleshooting.

IIS 7/7.5 (EOL januar 2016)

Products that no longer receive updates.

SSL Certificate Management for IIS 7.0 and 7.5

Overview

This guide covers the end-to-end process of managing SSL certificates in Microsoft Internet Information Services (IIS) versions 7.0 and 7.5 on Windows Server 2008 and 2008 R2. You will learn how to generate a Certificate Signing Request (CSR), import the issued certificate, configure HTTPS bindings, and troubleshoot common issues.

Prerequisites

  • Windows Server 2008 / 2008 R2 with IIS 7.0 or 7.5 installed
  • Administrative access to the server
  • An SSL certificate from FairSSL (DV, OV, or EV)
  • Access to IIS Manager (inetmgr)

Step 1: Generate a Certificate Signing Request (CSR)

Open IIS Manager (type inetmgr in the Start menu). Select the server node in the left-hand Connections panel, then double-click Server Certificates in the centre pane.

  1. Click Create Certificate Request in the Actions panel on the right.
  2. Enter the Distinguished Name Properties:
    • Common Name: Your Fully Qualified Domain Name (FQDN) (e.g. www.example.com)
    • Organization: Legal company name (must match official registration for OV/EV certificates)
    • Organizational Unit: Department name (optional)
    • City/locality: City
    • State/province: County or Province
    • Country: GB (or your relevant country code)
  3. Select Microsoft RSA SChannel Cryptographic Provider and a bit length of 2048 bit (minimum).
  4. Save the CSR file (e.g. C:\ssl\example.csr).

Submit the CSR content via your FairSSL control panel to begin the certificate provisioning process.

Step 2: Import the Issued Certificate

Once your certificate has been issued, you will receive the certificate file (typically .crt or .cer).

  1. Open IIS Manager and select the server node.
  2. Double-click Server Certificates.
  3. Click Complete Certificate Request in the Actions panel.
  4. Browse to your certificate file and provide a Friendly name (e.g. example.com 2026).
  5. Select the certificate store: Web Hosting (recommended) or Personal.
  6. Click OK. The certificate will now appear in the Server Certificates list.

Note: If you encounter the error "Cannot find the certificate request associated with this certificate file", it usually indicates that the CSR was generated on a different server or the private key has been deleted. In this case, you must generate a new CSR and request a certificate reissue.

Step 3: Configure HTTPS Bindings on Port 443

  1. Navigate to the specific website in the left-hand Sites tree.
  2. Click Bindings in the Actions panel.
  3. Click Add and configure the following:
    • Type: https
    • IP address: All Unassigned (or a specific IP)
    • Port: 443
    • Host name: Your domain name (optional for IIS 7, required for IIS 8+ using SNI)
    • SSL certificate: Select the certificate you just imported
  4. Click OK.

Step 4: Install the Intermediate Certificate

To ensure full browser compatibility and a valid trust chain, the intermediate certificate must be installed on the server:

  1. Open mmc.exe and add the Certificates snap-in for the Computer Account / Local Computer.
  2. Navigate to Intermediate Certification Authorities → Certificates.
  3. Right-click → All Tasks → Import and select the intermediate file provided by FairSSL.

Step 5: Verify the Installation

Open a web browser and visit https://your-domain.com. Verify that:

  • The padlock icon is visible in the address bar
  • Certificate details show the correct domain and expiry date
  • There are no warnings regarding the certificate chain

You can also use the FairSSL SSL scanner at fairssl.com to validate the installation externally.

Troubleshooting

  • Certificate not appearing in dropdown: Ensure the CSR was generated on the same server and that the private key exists in the certificate store.
  • Binding error on port 443: Check if another application is already listening on port 443 using netsh http show sslcert.
  • "Page cannot be displayed" over HTTPS: Verify your Windows Firewall rules allow inbound traffic on port 443.
  • Certificate chain warnings: Ensure the intermediate certificate is installed as described in Step 4.
:: Tjek eksisterende SSL-bindinger
netsh http show sslcert

:: Slet en gammel SSL-binding (erstat med din IP:port)
netsh http delete sslcert ipport=0.0.0.0:443

:: Genstart IIS
iisreset /restart

Strengthen your TLS security

Use IIS Crypto to easily configure secure TLS protocols and cipher suites on your Windows Server.

IIS Crypto TLS configuration guide
Back to guides

Ready to create a free account?

Create a free account and issue your first certificate in under 10 minutes.

Create free account Compare certificates