This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 36%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Morning, I've read "Create Certificate Request using SHA256 in IIS", "Import SSL to existing WIndows IIS server" and completed my CSR using NOIP services, downloaded my PKCS-7 version to import into IIS10.
This file has three certs, DigiCertCA, mydomain_com, TrustedRoot. I read the instructions from the link in the first read post by User-1499256089 posted, the second read post by was not clear to me, so can someone show or link me to what cert or all (DigiCertCA, mydomain_com, TrustedRoot) do I need to import and by what method and where?
I've also just read "Installing server certificates manually in IIS" but its importing a .pfx file, will this work for the cert(s) from NOIP in the above mention format. I'm assuming I only need to import mydomain_com cert?
I would really appreciate it,
Thanks!...
If you generate CSR from an IIS machine, and then import mydomain_com to complete the certificate request in IIS Manager should be enough. If you generate the CSR in any other way, however, the steps are different.
HI @Anonymous
I successfully use the MMC according to the third reading, but I don't see the cert listed in IIS Server Certificates, what is the next step(s) to get in there and bind it to a site?
You can read the entire story from https://halfblood.pro/the-whole-story-of-server-certificate-disappears-in-iis-7-7-5-8-8-5-10-0-after-installing-it-why-b66e802baa38 The most important thing to note is that DigiCert is only able to issue you the certificate itself (usually the file mydomain_com), and you need to use your original private key (the one used to generate the CSR) as well on the IIS machine to complete the certificate request. That's why I said "If you generate CSR from an IIS machine". Can you recall how you generated the CSR? If that was in any other way, now you need to disclose that and try to find your private key first.
Oh yes, I have all the information, and files I generated the CSR from a apache server running on my Almalinux Server, and completed the request using the service from NOIP's No-IP Vital Encrypt DV. I'll read the link provided....
Excellent, that did the job! Question, NOIP's No-IP Vital Encrypt DV does not except a passphrase in this cert, so even though I successfully imported the cert, will this have any security concerns?
Private key security (who else might be able to export it out and make use of it) is a separate option, https://security.stackexchange.com/questions/233429/when-why-should-the-mark-this-key-as-exportable-option-be-selected-when-import Your company should have a security policy on that option. Personally I choose not to make the private key exportable.
So, your private key is on that Linux machine, and you received the certificate. You will have to use a tool like OpenSSL to combine the private key and the certificate to a .pfx file (I wrote some commands in my blog post for your reference).
Once you get that file you can go back and import it to Windows/IIS.