You Are Here:

United Kingdom Home > Support > Managed PKI for SSL Support > Installation Instructions for Microsoft IIS 4.0

Managed PKI for SSL Support

MPKI for SSL Information Generate a CSR Certificate Enrolment Install a Certificate

Installation Instructions for Microsoft IIS 4.0

This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, VeriSign recommends that you contact your software vendor or an organisation that supports Microsoft IIS 4.0.

Premium and Intranet Edition SSL Certificates

If you are installing a Managed PKI for SSL Premium Edition or a Managed PKI for SSL Intranet Certificate, you need to first install the intermediate CA (‘intermediate.crt’) provided by your administrator.

1. Download the SGCinst.exe utility file at: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/misc/sgcinst/x86/sgcinst.exe
2. Copy the SGCinst.exe file into the Web server directory where your certificate text file is located.
3. Open an MS DOS prompt window, change directory (cd) to the directory that includes both files and type in this command:   
   sgcinst.exe 'file name of intermediate CA' -i -o 'outputfile name such as cert.txt'

The certificate provided by your administrator includes your Server ID (‘output file’) and the VeriSign Intermediate CA file. The -i option copies the VeriSign Intermediate CA file into the Registry of your Web server and the -o option directs your Server ID to an output file (cert.txt).]

Managed PKI for SSL Administrators: how to find your Intermediate CA.

Install the SSL Certificate

When your Managed PKI for SSL Administrator has approved your request you will receive an email from VeriSign that contains your certificate.  If the certificate is an attachment (Cert.cer), you can use the file. If the certificate is in the body of the email, copy and paste it into a text file (such as OriginalCert.txt) using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file.

1. Open the Microsoft Management Console (MMC) for IIS. This is normally reached by selecting Start -> Programs -> Windows NT 4.0 Option Pack -> Microsoft Internet Information Server -> Internet Service Manager.
2. Expand the Internet Information Server folder by selecting the ‘+’ sign and then select the ‘+’ sign next to the computer name.
3. Locate the Web site which will use the SSL Certificate. This is usually the ‘Default Web Site’. Right-click on the Web site and choose Properties.
4. In the Properties window, choose the Directory Security tab.
5. Click on Secure Communications located next to Edit button. Then click on the Key Manager button.
6. Install the new Server ID by clicking on the key in the www directory (usually a broken key icon with a line through it) and select Install Key Certificate.
7. Enter the password.
8. When you are prompted for bindings, add the IP and port number. Any assigned is acceptable if you do not have any other certificates installed on the Web server. Multiple certificates installed on the same Web server will require separate IP addresses, because SSL does not support host headers.
9. Go to the Computers menu and select Commit Changes or close Key Manager and select Yes when prompted to commit changes.
10. The new Server ID is now successfully installed. You may need to reboot the Web server.

Support

For more information, go to the Microsoft Knowledgebase.