May 2023

How to Install an SSL Certificate on Zimbra Mail Server The following instructions will guide you through the SSL/TLS Certificate installation process on “Zimbra Mail Server.” If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been received this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. SSL/TLS Certificate Installation Instructions for Zimbra Mail Server You can install SSL Certificate in two ways: Zimbra Administration Console– Web Interface B. Zimbra Certificate Manager – Command Line Interface (CLI) Installing SSL/TLS Certificate using Zimbra Administration Console Configure In the main menu, click Configure. Certificates – Install Certificate Select Certificates. Then, click the gear icon on the top right (next to Help) and select Install Certificate. Select the Target Server On the Select the Target Server tab, select your server from the Server Name drop-down menu. Click Next. Choose the Installation Option On the Choose the Installation Option tab. Then, click the bubble for Install the commercially signed certificate. Review the Certificate Signing Request Go to the last tab, Review the Certificate Signing Request. Verify that all of the CSR information is correct, then click Next. Upload the Certificate Go back up to the Upload the Certificate tab where you will import each required file to the server. Each of these files should be emailed to the admin and technical contacts for the certificate, and can also be downloaded in a zipped folder from your account. In the example image, the certificate is from Comodo and uses Comodo’s specific root and intermediate certificates. Please feel free to contact our support team if you have any questions about which certificate files you should use for your installation. Install the Certificate Finally, go to the Install the Certificate tab and click Install. Restart To apply the changes you’ve just made, you’ll need to restart Zimbra services using the Command Line Interface. Enter these commands to switch to Zimbra user: sudo su su zimbra Once the user is switched to Zimbra user, restart the services using following command: zmcontrol restart Congratulations!!! You’ve done it. You’ve successfully installed your SSL certificate on your Zimbra server. Wasn’t so hard, was it? Installing SSL/TLS Certificate using Zimbra Certificate Manager (Command Line Interface) Zimbra package comes with “zmcertmgr” tool for handling SSL Certificates. For Version 8.6 or lower, this tool must be accessed as root. If you have version 8.7 or later, you should run this tool as zimbra user. Run the below command in order to switch from default user to zimbra user. sudo su su zimbra Download and save the root CA certificate to a temporary file. For example: /tmp/ca.crt These files should be labeled in the zipped folder you can download from your account. Combine root and intermediate CA certificates into a temporary file. cat /tmp/ca_intermediary.crt /tmp/ca.crt > /tmp/ca_chain.crt Verify your certificate /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/server_domain_com.crt /opt/server_domain_com.ca-bundle Deploy your SSL certificate /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/server_domain_com.crt /opt/server_domain_com.ca-bundle Verify the certificate deployment /opt/zimbra/bin/zmcertmgr viewdeployedcrt Restart Zimbra to apply changes Enter these commands to switch to Zimbra user: sudo su su zimbra Once the default user is switched to Zimbra user, run the following command to restart the server: zmcontrol restart Your certificate should now be installed.  

How to Install an SSL/TLS Certificate on Microsoft Exchange 2013 The following instructions will guide you through the SSL installation process on Microsoft Exchange 2013. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Copy your certificate Copy your SSL Certificate to your Exchange Server’s Network Share Folder. Note: This should be the same location where you saved your CSR. Open Exchange Admin Center This can be done by opening a browser and visiting:https://localhost/ecp Log in Select Servers In the left-hand column, select Servers, then select Certificates from the top-right menu. Select Complete Choose your SSL Certificate from the menu in the middle of the page, then select Complete. Enter the network path Enter the network path where your certificate file is located. Select OK Select OK, and the certificate will be installed on the server. Enable Your Certificate Go back to Exchange Admin Center To enable your SSL Certificate, go back to the Certificates section of the Exchange Admin Center (from Step 4). Select your certificate Select the Certificate you would like to enable and click the Edit icon. Select your services Click the Services option and select the services you would like you SSL Certificate enabled for, then click Save. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In Web Host Manager (WHM) The following instructions will guide you through the SSL installation process on Web Host Manager (WHM). If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Log in to WHM Log in to WHM, this can typically be accessed by going to https://domain.com:2087. Note: You may encounter error message “Your connection is not private” or something similar when attempting to visit your WHM login page. This is caused due to your login page using a self-signed certificate by default. Please disregard this and proceed past the error message. Enter Username/Password Enter your Username/Password and click Log in. Go to your Homepage Make sure you’re on your WHM Homepage. Click SSL/TLS Click the SSL/TLS button. Click Install an SSL Certificate on a Domain In your SSL/TLS Manager page, click Install an SSL Certificate on a Domain. Type in your domain name In the Domain field, type the domain name you want to secure with your SSL Certificate. Input your Certificate Files Copy and paste your Certificate Files into the appropriate text box(s). Certificate– This is your server certificate that was issued to your domain(s).Note 1: WHM should automatically fetch the Certificate (CRT) text if you previously uploaded the server certificate  on the server and entered the correct domain name above. Note 2: If you received the certificate in a ZIP file, click “Extract All” and then drag your server certificate into a text editor such as Notepad. This will allow you to copy all text contents needed including “—–BEGIN CERTIFICATE—–” and “END CERTIFICATE—–“. Private Key – This is your private key that was created during the generation process.Note 1:WHM should automatically fetch the Private Key text if you previously created the Certificate Signing Request (CSR) in the “Generate an SSL Certificate and Signing Request” section of your SSL/TLS Manager and entered the correct domain name above.Note 2: If you made the CSR and private key outside of your WHM account and failed to save the files, you will have problems proceeding and may need to re-issue the SSL certificate with a newly created key pair. Certificate Authority Bundle (optional) – These are your intermediate certificates that allow browsers and devices to understand who issued your trusted certificate.Note 1:WHM automatically fetch the CA Bundle from a public repository. If you forgot to save these files, download the appropriate CA/Chain Certificate for your certificate.  Note 2: If you have multiple intermediate certificates, paste each of them one after another to create the correct certificate chain/path. Click Install Once you’ve inpuuted the Certificate Files into the correct boxes, click Install. Note 1: You are not required to “Enable SNI for Mail Services”. Server Name Indication (SNI) should only be used if multiple hostnames are being server over HTTPS from the same IP address. Note 2: You or your web host may need to restart the Apache server before the certificate will work. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect. To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance. Manual Intermediate Installation Instructions If the intermediate certificates did not successfully install and configure themselves accordingly using the instructions above, please reference the instructions below on how to manually install them directly in Apache. If you do not have access to your Apache server, please contact your web host or system administrator for additional assistance. Locate the Virtual Host File Locate the Virtual Host File, this can typically be accessed in the /etc/httpd/conf/httpd.conf file.Note: The location and name of this file can change from server to server depending on your configuration. Another popular name for the file is “SSL.conf”. View the Virtual Host File View the Virtual Host configuration with the proper name & IP address (including port 443). Edit your Virtual Host Edit your Virtual Host configuration by adding the bolded YourIntermediateCertificate file below: <VirtualHost 192.168.255.255:443> DocumentRoot /var/www/html2 ServerName www.yourdomain.com SSLEngine on SSLCertificateFile /path/to/your_domain_name.crt SSLCertificateKeyFile /path/to/your_private.key SSLCertificateChainFile  /path/to/YourIntermediateCertificate.crt </VirtualHost> Note: Make sure you type the correct file path and name where you plan on saving the intermediate certificates. You should save these certificates in the same directory that cPanel has your server certificate and private key stored. Save the changes Save the configuration file changes. Add the intermediate certificate Add the intermediate certificate file to the same directory that cPanel has your server certificate and private key stored. Restart your server Restart your Apache server.  

How to Install an SSL/TLS Certificate In Tomcat The following instructions will guide you through the SSL installation process on Tomcat. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Convert your certificate files Convert your certificate files from PEM (.cer or .crt)  to PKCS#7 (.p7b) Format. You can easily do this on your own system by running below OpenSSL command. openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer Access your Directory Go to the same Directory where you previously saved the keystore and Certificate Signing Request (CSR). Note: You must install the certificate on the same keystore and under the same “alias name.” If not, you will encounter problems during installation and may have to start over. Run the Install command Install the certificate in the same keystore by running the following command: keytool -import -trustcacerts -alias server -file your_file_name.p7b -keystore your_domain_name.jks Note: Replace “your_domain_name” with the primary domain you will be securing and “your_file_name” with the PKCS#7 file name that you recently converted & saved. Check confirmation message You should receive this confirmation message: “Certificate reply was installed in keystore.” Enter Y Enter Y or Yes when prompted to trust the certificate. Note: Your keystore now has the correct certificate files to use SSL/https on your Tomcat server. Configure an SSL Connector Now, you need to configure an SSL connector which will enable the server to accept secure connections. Open the .xml file Open the .xml file from your server in a text editor such as Notepad. Note: The .xml file is generally stored in the conf folder in your server’s home directory. Locate your connector Locate the connector that you intend to use the new keystore to secure. Note: Typically, the connector used has port 443 or 8443. Uncomment the connector Uncomment the connector – if necessary – by removing the comment tags (<!– and –>). Enter the keystore filename and password Enter the correct keystore filename and password. See our example below: <  Connector port=”443″ maxHttpHeaderSize=”8192″ maxThreads=”150″  minSpareThreads=”25″ maxSpareThreads=”75″  enableLookups=”false” disableUploadTimeout=”true”  acceptCount=”100″ scheme=”https” secure=”true” SSLEnabled=”true” clientAuth=”false” sslProtocol=”TLS” keyAlias=”server”  keystoreFile=”/home/user_name/your_domain_name.jks”  keystorePass=”your_keystore_password” /> Note: If you are using a version prior to Tomcat 7, please change the word “keystorePass” to “keypass”. Save your changes Save all changes made to your .xml file. Restart Tomcat Restart your Tomcat server to complete the SSL installation process. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In Plesk 10 The following instructions will guide you through the SSL installation process on Plesk v.10. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Log in Log in to Parallels Plesk Panel Select Websites & Domains Select Websites & Domains tab in the top navigation menu. Click SSL Certificate Click the SSL Certificate link. Click Manage Click Manage next to the domain the certificate is for. Click Add SSL Certificate Click Add SSL Certificate. Upload the Certificate Files Upload the Certificate Files using either one of the two options below: Option 1: Upload certificate files This option will allow you to browse for your previously saved Private Key, Certificate (Your Server Certificate), and CA Certificate (Intermediate Certificates). Option 2: Upload certificate as text This option will allow you to copy your previously saved Private Key, Certificate (Your Server Certificate), and CA Certificate (Intermediate Certificates) from a text editor such as Notepad and paste into the blank text boxes. Note 1: If you made the CSR and private key outside of your Plesk account and failed to save the files, you will have problems proceeding and may need to re-issue the SSL certificate with a newly created key pair. Note 2: If you received the certificate in a ZIP file, click “Extract All” and then drag your server certificate into a text editor such as Notepad. This will allow you to copy all text contents needed including “—–BEGIN CERTIFICATE—– ” and “END CERTIFICATE—– “. Note 3: If you forgot to save the intermediate certificates, download the appropriate CA Bundle for your certificate. Click Send Files or Send Text Depending on which upload option you chose in the previoys step, click either Send Files or Send Text. Return to the Websites & Domains tab Return to the Website & Domains tab, select your Domain Name, and click Hosting Settings. Check SSL Support Check SSL Support and select your newly uploaded Certificate Name in the Certificate dropdown menu. Click OK Click OK. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In Odin (Plesk v.11, 12, & 12.5) The following instructions will guide you through the SSL installation process on Odin (Plesk v.11, 12, & 12.5). If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Log in to Odin Log in to Odin, this can typically be accessed by going to https://domain.com:8443. Click Website & Domains In the Power User View, click Websites & Domains in the top navigation menu. Navigate to the correct Domain Navigate to the correct Domain Name by scrolling down and click Show More. Select Secure Your Sites Select Secure Your Sites as shown below. Click your Certificate Name Click the Certificate Name associated with your previously created Certificate Signing Request (CSR). Upload the Certificate Files Upload the Certificate Files using either one of the two methods below: Upload the certificate files – This option will allow you to browse for your previously saved Certificate(Your Server Certificate) and CA Certificate (Intermediate Certificates). Upload the certificate as text– This option will allow you to copy your previously saved Certificate (Your Server Certificate) and CA Certificate (Intermediate Certificates) from a text editor such as Notepad and paste into the blank text boxes.Note 1: If you received the certificate in a ZIP file, click “Extract All” and then drag your server certificate into a text editor such as Notepad. This will allow you to copy all text contents needed including “—–BEGIN CERTIFICATE—–“ and “END CERTIFICATE—–“.  Note 2: If you forgot to save the intermediate certificates, download the appropriate CA Bundle for your certificate. Click Send Files or Send Text Depending on the option you chose in Step 6. Click either Send Files or Send Text. Return to the Power User View Return to the Power User View, click Websites & Domains, select your Domain Name, and click Show More. Click Hosting Settings Click Hosting Settings in the options menu that appears after you select Show More Check SSL Support Check the option for SSL Support and select your newly uploaded Certificate Name in the Certificate drop-down menu. Click OK Scroll down and click OK. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In Nginx (OpenSSL) The following instructions will guide you through the SSL installation process on Nginx. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Copy your Certificate Files Copy the Certificate Files into the proper directory on your server. Note: For better security, make them readable by root only. Link your files You need to link the two certificates (or “Concatenate” them) into a single file by entering the command below: cat your_domain_name.crt Intermediate.crt >> bundle.crt Edit your virtual host file Edit your Nginx virtual host file. Copy the existing server module (the non-secure one) and paste it below the original before adding the following lines in bold: server { listen443;     ssl on;     ssl_certificate /etc/ssl/your_domain_name.pem; (or  bundle.crt) ssl_certificate_key /etc/ssl/your_domain_name.key; server_name your.domain.com; access_log /var/log/nginx/nginx.vhost.access.log; error_log /var/log/nginx/nginx.vhost.error.log; location / { root  /home/www/public_html/your.domain.com/public/; index  index.html; } } Restart Nginx Restart Nginx using the command line below: sudo /etc/init.d/nginx restart Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In Microsoft Office Communications 2007 The following instructions will guide you through the SSL installation process on Office Communications 2007. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Launch your Office Communications Server 2007 Click Start, then select Programs, then Administrative Tools, and finally Office Communications Server 2007. Expand your snap-in Expand the Enterprise Edition Server snap-in. Select Certificates Right-click the correct Server and select Certificates. Select Next After selecting Next, choose Process the pending request and install the certificate. Select your SSL Certificate Find your SSL Certificate and hit next. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install a TLS/SSL Certificate In Microsoft IIS 10 The following instructions will guide you through the SSL installation process on Microsoft IIS 10. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our IIS 10 CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Access Server in IIS Launch IIS Manager and click the server name in the Connections menu on the left. Open Server Certificates Manager On the Home page for the server, locate the IIS section in the center window and double-click Server Certificates. The Server Certificates control panel will open in the center window. Open Complete Certificate Request Wizard On the Actions menu on the right, click Complete Certificate Request… The Complete Certificate Request wizard will open in a new window. Specify Certificate Authority Response Click the …button to locate your certificate on your PC and add it into IIS. The Friendly Nameshould be something that helps you easily identify the certificate, such as the domain name, certificate authority, and expiration date, i.e. “domain.com Sectigo 12/25/2020” Finally, select Web Hostingas the certificate store and click OK to import your certificate. Set Certificate Bindings Return to the server home page in IIS. In the left-side Connectionsmenu, expand Sites and then click on the site that needs the SSL installed. On the Homepage for the website, in the right-side Actions menu, locate Edit Site and click Bindings… The Site Bindings window will open. If you are installing an SSL certificate for the first time, click Addto create a new binding. If you are replacing an old certificate, click the existing binding and then click Edit. In the Add Site Bindingswindow, select the following: Type: https IP Address: Select your site’s IP Address or All Unassigned. Port: 443 Host Name: Not required for single name certificate installation. If you are installing more than one certificate, or installing the certificate on more than one website, enter the host name (domain) that you want to secure and check the box to Require Server Name Indication. SSL Certificate: Select your site’s certificate from the drop-down menu. When all settings are configured, click OK. Your certificate should now be installed. You can navigate to your site in a web browser to check for the padlock, or use an online SSL Checker tool to verify the installation.  

How to Install an SSL/TLS Certificate In Microsoft IIS 8 The following instructions will guide you through the SSL installation process on Microsoft IIS 8 using a SSL certificate that only secures one domain name. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions (single name certificate) Launch IIS Manager Click Start, Control Panel, System and Security, Administrative Tools, and then select Internet Information Services (IIS) Manager. Select your server name In the left Connections menu, select the server name (host) where you want to install the SSL certificate. Click Server Certificates In the center menu, click the Server Certificates icon under the Security section near the bottom. Click Complete Certificate Request… In the right Actions menu, click Complete Certificate Request… Browse to your server certificate In the Complete Certificate Request wizard, click “…” to browse and select Your Server Certificate file that was previously saved on your server’s desktop. Name your certificate Enter a Friendly Name, which is an internal reference name to distinguish the file later. We recommend including the CAs name and expiration date. Select Personal Select Personal as your certificate store for the new certificate. Click OK Click OK and the newly installed certificate should appear in the refreshed Server Certificate List. Binding Your Certificate to Your Website Now, proceed with the remaining steps which will help you assign or bind the SSL certificate to the appropriate website. Access your Sites folder From the left Connections menu, expand your server’s name, expand the Sites folder, and then select the site (e.g. Default Web Site) that you want to secure. Click Bindings… In the right Actions menu, click Bindings… Click Add In Site Bindings…, if you are installing a new certificate and need to create a new binding, click Add. If you are renewing an expiring certificate, click the existing binding and click Edit.Note: If you already have the appropriate site binding created, click “Edit” and change the SSL certificate accordingly. Input the following In Add Site Binding, enter the following information: Type – Select “https.” IP Address– Select “All unassigned.” Now, if you have multiple IP address, select the correct one that applies. Port – Enter “443” unless you are listening to SSL traffic on another port (e.g. 992). SSL Certificates – Select the “friendly name” of the SSL certificate you just installed.  You can always click “View” to confirm the certificates validity details. Click Ok Click Ok to finish binding the SSL certificate to your live website. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect. To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance. SSL Installation Instructions (multiple certificates using SNI) The following instructions will guide you through the SSL installation process on Microsoft IIS 8 with multiple SSL certificate securing one or more domain names using Server Name Indication (SNI). If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. Launch IIS Manager Click Start, Control Panel, System and Security, Administrative Tools, and then select Internet Information Services (IIS) Manager. Select your server name In the left Connections menu, select the server name (host) where you want to install the SSL certificate. Click Server Certificates In the center menu, click the Server Certificates icon under the Security section near the bottom. Click Complete Certificate Request… In the right Actions menu, click Complete Certificate Request… Browse to your server certificate In the Complete Certificate Request wizard, click “…” to browse and select Your Server Certificate file that was previously saved on your server’s desktop. Name your certificate Enter a Friendly Name, which is an internal reference name to distinguish the file later. We recommend including the CAs name and expiration date. Select Web Hosting Select Web Hosting as your certificate store for the new certificate. Click Ok Click Ok and the newly installed certificate should appear in the refreshed Server Certificate List. Note: If you receive an error during this step, please reference the “Known Error Message in IIS 8” section below. Binding Your Certificates to Your Website (multiple certificates using SNI) Now, proceed with the remaining steps which will help you assign or bind the SSL certificate to the appropriate website. Access your Sites folder From the left Connections menu, expand your server’s name, expand the Sites folder, and then select the site (e.g. Default Web Site) that you want to secure. Click Bindings… In the right Actions menu, click Bindings… Click Add… In Site Bindings…, click Add…Note: If you already have the appropriate site binding created, click “Edit” and change the SSL certificate accordingly. Input the following In Add Site Binding, enter the following information: Type – Select “https.” IP Address– Select “All unassigned.” Now, if you have multiple IP address, select the correct one that applies. Port – Enter “443” unless you are listening to SSL traffic on another port (e.g. 992). SSL Certificates – Select the “friendly name” of the SSL certificate you just