SSL Certificates, Tips for Microsoft IIS Users
Certificate CSR generation and install tips for Microsoft IIS Users
First, perform the Root and Intermediate Certificate installation via MMC using the instructions located here. Then, install your server certificate using the instructions provided on the Comodo website for IIS 5.x/6.x, IIS 7.x, or IIS 8.x.
Tips for IIS users:
- Some users who have Windows Server 2012 or 2008 and IIS7 installed report issues when simply choosing "renew" in IIS to auto-generate their CSRs. The symptom of this issue is the generation of an extra-long CSR that is unreadable by the vendor. The workaround for this is to choose "Create new" and then import and register the new certificate.
- IIS requires a restart to ensure it is able to serve the full certificate chain correctly. Users have reported success with import a single combined .cer file into IIS that includes the machine certificate, intermediates, and root (in that order). The order is necessary to ensure proper installation.
- IIS does not support creating SAN CSR's through its wizard, but this can be accomplished using the built-in certificate tool in Windows and/or the OCS interface where applicable.