Microsoft IIS 5.x/6.x For Windows Server 2000/2003

Installing your Trustwave® Digital Server certificate on Windows Server 2000 / 2003

VERY IMPORTANT: In the e-mail you received from Trustwave® when your certificate was issued, there is a ZIP file. Within that ZIP file is a file that ends in .p7b. This is the only file you will need for the installation. The .p7b is the only file necessary for installation on Microsoft IIS 5.x/6.x servers. Transfer the .p7b file to the Windows Server.

Open Internet Services Manager from the Administrative Tools. Right click on the website where you previously created a CSR and choose "Properties". Press the "Directory Security" tab and then click "Server Certificate" in the "Secure Communications" section.

When the wizard starts, choose "Process the pending request..." and press "Next". In the next screen, click "Browse" and then click the drop down box to choose "All Files *.*". Now, navigate to the folder where you stored the .p7b file and select it. Press "OK" and then click next. Verify that the port number is correct (customers who are renewing a certificate will not see this step). The default SSL/TLS port is 443. Finish the wizard and your certificate and intermediates will be installed.

Completing the installation

Your new certificates are available instantly - there is no need to restart IIS or the server itself. However, if you have a Microsoft ISA 2000/2004 server in front of your IIS server, you will need to follow the installation instructions for the Microsoft ISA Server as well.

Note: If you can reach your site via "https://", but are getting an "Untrusted Issuer" message, view the details of the certificate. If the certificate shows "Issued By: Trustwave Organization Validation CA, Level 2" or "Issued By: Trustwave Domain Validation CA, Level 1", then it is likely that you need to install a Trustwave® Intermediate certificate.

Installing a Trustwave® Intermediate certificate on Windows

This step is only required if you are having problems after the p7b installation from above. In the e-mail you received from Trustwave® when your certificate was issued, there is a ZIP file. Within that ZIP file is a file named "chain.cer". Extract this file from the .zip file as this is the only instance of the Intermediate file you should need. If you do not see the "chain.cer" file, but are certain that your certificate requires an Intermediate, then you may download the necessary certificate from the following URL:

DOWNLOAD INTERMEDIATE/CHAIN FILE - This link will bring you to the "Download Root Certificates" page on

Select the type of certificate you obtained (Extended Validation, Organization Validation, or Domain Validation) and select the PEM format, and then click the "Download Intermediate Certificate" button.

Note: At this point, you should have a file named "chain.cer", "evca2.crt", "ovca2.crt", or "dvca2.crt". Moving forward, this FAQ will refer to this file as the intermediate file.

Method 1: Certificate Installation Wizard

Double-click on the intermediate file. This will open a window that displays the certificate details. In the lower-right area of the screen, you should see a button that reads "Install Certificate...". Click that button to start the Certificate Import Wizard.

Click "Next". Select the "Place all certificates in the following store" button. Click "Browse". Select the "Intermediate Certification Authorities" option in the window that pops up. Click "OK" to close the pop-up and click "Next" in the Import wizard. Click "Finish" in the next panel

The Trustwave® Intermediate certificate is now installed.

Restart the IIS service.

Method 2: Using MMC

Open an instance of MMC (Start -> Run -> "MMC" -> OK).
In the window that comes up; go to File -> Add/Remove Snap-in...
Select "Certificates" in the pop-up that appears, then click "Add".
Select "Computer account" in this latest pop-up, then on the next screen select "local computer", then click finish.

Note: You should now see "Certificates (Local Computer)" under the "Selected snap-in:" panel toward the right.

Click "OK" to get back to the MMC.

Within the main MMC window, there should now be a folder under Console Root that reads "Certificates (Local Computer)".
Expand this "Certificates (Local Computer)" folder, then expand the "Intermediate Certification Authorities" folder.
Now right-click on the "Certificates" folder, hover your mouse over "All Tasks", then click on "Import...".

This will start the Certificate Import Wizard.

Click on "Next", then click on "Browse". Navigate to the intermediate file you received from Trustwave® and click "Open".
Click "Next", ensure "Place all certificates in the following store" is selected and "Intermediate Certification Authorities" is listed as the Certificate Store.
CLick "Next, then click "Finish".

You should now be back in the main MMC window. Double-click the "Certificates" folder under "Intermediate Certification Authorities".
The center panel should populate with all the installed Intermediate Certificates.
Scroll down and verify that there is a certificate titled "Trustwave Extended Validation SHA256 CA, Level 1", "Trustwave Organization Validation SHA256 CA, Level 1" or "Trustwave Domain Validation SHA256 CA, Level 1" depending on which intermediate file you require.

The Trustwave® Interemdiate certificate is now installed.

Restart the IIS service.

Certificate Analyzer

Once you have completed your certificate installation you can use our instant online troubleshooter to verify your installation and help resolve problems.
Certificate Analyzer→

Go Green