Import PFX File - Internet Information Server 7

PFX Files & Windows Internet Information Service 7 (IIS)

A PKCS12 (PFX) file is a specially formatted file which includes the SSL Certificate, Private Key and optionally any required Intermediate CA Certificates. The file has an extension of .PFX and is compatible with Windows Internet Information Service (IIS).
To create the PKCS12 (PFX) file please visit the SSL Tools section of our website. Scroll down to the "Convert PEM Formatted File To PKCS12 (PFX Format)" link. You will be required to enter a password for the file - this ensures the security of the file.
If your CSR wasn't generated during the ordering process you can still use our SSL Tools to create a PKCS12 (PFX) file. However, you will be required to provide your associated Private Key when generating the PKCS12 (PFX) file for it to be created successfully.
The PKCS12 (PFX) file will be compressed and saved as a ZIP file, please ensure to UNZIP it before import. The (PKCS12) PFX file should include all required components (SSL Certificate, Private Key and any required Intermediate CA Certificates).

How To Import The PKCS12 (PFX) File Into Microsoft IIS 7

Importing a (PKCS12) PFX file into Microsoft IIS is generally a straight-forward process. Please review the instructions below or follow the instructions that are provided by Microsoft, refer to your server documentation or contact your server vendor.
Step 1 : Click "Start" and choose "Run".
Step 2 : In the "Run" dialogue box type "MMC" and click "OK". The MMC should then appear.
Step 3 : Go to the File tab or menu and select "Add / Remove Snap-In".
Step 4 : Click on "Certificates" and click "Add".
Step 5 : Select "Computer Account" and click "Next".
Step 6 : Select "Local Computer" and click "Finish".
Step 7 : Click "OK" to close the "Add / Remove Snap-In" window.
Step 8 : Double click on "Certificates (Local Computer)" in the center window.
Step 9 : Right click on the "Personal Certificates Store" folder.
Step 10 : Choose "ALL TASKS" then select "Import".
Step 11 : Follow the "Certificate Import Wizard" to import your "Primary Certificate" from the .PFX file.
Step 12 : Browse to the .PFX and enter the associated password when prompted.
Step 13 : If desired, check the box to "Mark This Key As Exportable". We recommend choosing this option.
Step 14 : When prompted, choose to automatically place the Certificates in the Certificate Stores based on the type of the Certificate.
Step 15 : Click "Finish" to close the Certificate Import Wizard.
Step 16 : Close the MMC console. It is not necessary to save any changes that you have made to the MMC console.
The SSL Certificate, Private Key and any Intermediate Certificates should now be imported into your server. You must now follow the instructions below to bind your SSL Certificate to your website profile.

How To Bind An SSL Certificate In Microsoft IIS 7

Once the SSL Certificate has been imported it is important to now bind the SSL Certificate to your website so that the website functions correctly. Your SSL Certificate will not function until the following steps are completed.
Step 1 : Click "Start", "Administrative Tools" and then choose Internet Information Services (IIS) Manager.
Step 2 : Click on the server name and expand the "Sites" folder.
Step 3 : Locate your website (usually this will be called "Default Web Site") and click on it.
Step 4 : From the "Actions" menu (on the right) click on "Site Bindings" or similar.
Step 5. In the "Site Bindings" window, click "Add" or similar. This will open the "Add Site Binding" window.
Step 6 : Under "Type" choose https. The IP address should be the corresponding dedicated IP address of the site or "All Unassigned". The "Port" which traffic will be secured by SSL is usually 443. The "SSL Certificate" field should specify the SSL Certificate that was installed during the import process above.
Step 7 : Click "OK".
Step 8 : Your SSL Certificate should now be installed and functioning correctly in conjunction with your website. Occasionally a restart of IIS may be required before the new SSL Certificate is recognized.