Microsoft IIS 7.x, 8.x on a Windows Server 2008, 2012


Installing your Trustwave® SSL certificate using IIS 7.x, 8.x on a Windows Server 2008, 2012

VERY IMPORTANT: In the e-mail you received from Trustwave® when your certificate was issued, there is a ZIP file. Within that ZIP file there are two files that end in .cer. You will need these files in order to complete the installation. The "[yoursite].cer" and "chain.cer" files are used for installation on Microsoft IIS 7.x servers. Transfer those files to your Windows Server.

Open Internet Services Manager from the Administrative Tools.

Select the appropriate server, then click on "Server Certificates"

Within the right-most panel; click on "Complete Certificate Request..." to start the Certificate Installation wizard

Click the "..." button and navigate to the "[yoursite].cer" file you received from Trustwave®.

Note: The "Friendly Name" filed is not required for the installation process, but rather can be used by the server admin to label the certificate. This label will have no bearing on the function of the SSL certificate.

Click "OK". The SSL certificate is now installed on your server.

Installing a Trustwave® Intermediate certificate on Windows

In the e-mail you received from Trustwave® when your certificate was issued, there is a ZIP file. Within that ZIP file is a file named "chain.cer". Extract this file from the .zip file as this is the only instance of the Intermediate file you should need. If you do not see the "chain.cer" file then you may download the necessary certificate from the following URL:

DOWNLOAD INTERMEDIATE/CHAIN FILE - This link will bring you to the "Download Root Certificates" page on ssl.trustwave.com.

If your SSL certificate shows "Issued By: Trustwave Organization Validation CA, Level 2", then you will want to download the "Trustwave® Organization Validation CA" file under "PEM Format"
If your SSL certificate shows "Issued By: Trustwave Domain Validation CA, Level 1", then you will want to download the "Trustwave® Domain Validation CA" file under "PEM Format"

Note: At this point, you should have a file named "chain.cer", "ovca.crt", or "dvca.crt". Moving forward, this FAQ will refer to this file as the intermediate file.

Method 1: Certificate Installation Wizard

Double-click on the intermediate file. This will open a window that displays the certificate details. In the lower-right area of the screen, you should see a button that reads "Install Certificate...". Click that button to start the Certificate Import Wizard.

Click "Next". Select the "Place all certificates in the following store" button. Click "Browse". Select the "Intermediate Certification Authorities" option in the window that pops up. Click "OK" to close the pop-up and click "Next" in the Import wizard. Click "Finish" in the next panel

The Trustwave® Intermediate certificate is now installed.

Method 2: Using MMC

Open an instance of MMC (Start -> Run -> "MMC" -> OK).
In the window that comes up; go to File -> Add/Remove Snap-in...
Select "Certificates" in the pop-up that appears, then click "Add".
Select "Computer Account" in this latest pop-up, then on the next screen select "local computer", then click finish.

Note: You should now see "Certificates (Local Computer)" under the "Selected snap-in:" panel toward the right.

Click "OK" to get back to the MMC.

Within the main MMC window, there should now be a folder under Console Root that reads "Certificates (Local Computer)".
Expand this "Certificates (Local Computer)" folder, then expand the "Intermediate Certification Authorities" folder.
Now right-click on the "Certificates" folder, hover your mouse over "All Tasks", then click on "Import...".

This will start the Certificate Import Wizard.

Click on "Next", then click on "Browse". Navigate to the intermediate file you received from Trustwave® and click "Open".
Click "Next", ensure "Place all certificates in the following store" is selected and "Intermediate Certification Authorities" is listed as the Certificate Store.
CLick "Next, then click "Finish".

You should now be back in the main MMC window. Double-click the "Certificates" folder under "Intermediate Certification Authorities".
The center panel should populate with all the installed Intermediate Certificates.
Scroll down and verify that there is a certificate titled "Trustwave Organization Validaiton CA, Level 2" or "Issued By: Trustwave Domain Validation CA, Level 1" depending on which intermediate file you require.

The Trustwave® Intermediate certificate is now installed.

Configure your site to utilize the newly installed SSL

Within IIS Manger; click on "Connections", select server the SSL will be used on, then select the specific site.

Within the right-most panel; click on "Bindings".

Within the "Site Bindings" pop-up; click the "Add..." button.

Within the "Add Site Binding" pop-up; populate the fields with the appropriate information.

"Type" - This is type of binding you will be setting up. For an SSL certificate, choose "https".
"IP Address" - This is the IP address of your web site. If you don't know the IP address of your site, choose the "All Unassigned" option.
"Port" - This is the port that will be used for SSL traffic. SSL connections are typically handled through port 443.
"SSL Certificate" - This is the SSL certificate you wish to use with this binding.

Click "OK"

The Trustwave® SSL certificate is now installed and your site is now configured to us said SSL.

Restart the IIS service.



Certificate Analyzer

Once you have completed your certificate installation you can use our instant online troubleshooter to verify your installation and help resolve problems.
Certificate Analyzer→

Go Green