This document describes how to install an SSL certificate in IIS.
- The certificate name
cloud.tencent.comis used as an example. The actual name in your certificate shall prevail.
- Windows Server 2012 R2 is used as an example. Detailed steps vary slightly by OS.
- Before you install an SSL certificate, enable port
443on the IIS server so that HTTPS can be enabled after the certificate is installed. For more information, see How Do I Enable Port 443 for a VM?.
- For detailed directions on how to upload SSL certificate files to a server, see Copying Local Files to CVMs.
Log in to the SSL Certificate Service console, and click Download for the certificate you need to install.
In the pop-up window, select IIS for the server type, click Download, and decompress the
cloud.tencent.com certificate file package to a local directory.
After decompression, you can get the certificate file of the corresponding type, which contains the
Files in the folder:
cloud.tencent.com.pfx: certificate file
keystorePass.txt: password file (if you have set a private key password, this file will not be generated)
Open the IIS Manager, select the computer name, and double-click Server Certificates.
In the Actions column on the right of the Server Certificates window, click Import.
In the Import Certificate pop-up window, select the path where the certificate file is stored, enter the password, and click OK as shown below:
- If you have set a private key password when applying for the certificate, enter the private key password; otherwise, enter the password in the
keystorePass.txtfile in the
- If you forgot your private key password, submit a ticket to have the certificate deleted and reapply for one under the domain.
Select the name of a site in Sites and click Bindings in the Actions column on the right.
In the Site Bindings pop-up window, click Add.
In the Add Site Binding window, set Type to https, IP address to All Unassigned, and Port to 443, enter the domain of your current certificate in Host name, specify the corresponding SSL certificate, and click OK.
Then, you can see the newly added content in the Site Bindings window.
Access the website through
If the security lock icon is displayed in the browser, the certificate has been installed successfully.
In case of a website access exception, troubleshoot the issue by referring to the following FAQs:
- [404 Error After the SSL Certificate is Deployed on IIS](https://intl.cloud.tencent.com/document/product/1007/39820)
- For normal redirect, edit the rule in the following steps. If you have other needs, you can set it on your own.
- During the redirect from HTTP to HTTPS, if your website element contains external links or uses the HTTP protocol, the entire webpage is not completely based on HTTPS. In this case, some browsers may prompt for risk such as "this link is unsecure" due to those factors. You can view the error cause by clicking Details on the unsecure page.
Open the IIS Manager.
Select the name of a site in Sites and double-click to open URL Rewrite.
Download and install the URL Rewrite module before performing this step.
Go to the URL Rewrite page and click Add Rule(s) in the Actions column on the right.
In the Add Rule(s) pop-up window, select Blank rule and click OK.
Go to the Edit Inbound Rule page.
Name: Enter Forced HTTPS.
Match URL: Enter
(.*) in Pattern.
Conditions: Click to expand and click Add to pop up the Add Condition window.
Check if input string: Select "Matches the Pattern" by default.
Action: Enter the following parameters.
Action Type: Select "Redirect".
Redirect Type: Select "See Other (303)".
Click Apply in the Actions column to save.
Return to the Sites page and click Restart in the Manage Website column on the right. Then, the website can be accessed through
If anything goes wrong during this process, contact us.