< Back to Knowledge Base Home

How to Install SSL on IIS: Complete Windows Server Guide

Learning how to install SSL on IIS is essential for securing your Windows web server and protecting data transmission. This guide covers three methods for SSL certificate installation on IIS using GUI, PowerShell, and command-line approaches.

Prerequisites Before You Begin

Before starting, ensure you have administrator access to Windows Server, a valid SSL certificate file in .pfx or .p12 format, IIS installed and running, and the certificate password if applicable.

How to Install SSL on IIS Using IIS Manager

The graphical method to install SSL on IIS is the most user-friendly approach for Windows administrators.

Open IIS Manager:

Start > Run > inetmgr

Import Your SSL Certificate:

Click on your server name in IIS Manager
Double-click “Server Certificates”
Click “Import…” in the Actions panel
Browse to your certificate file (.pfx)
Enter the certificate password
Click “OK”

Bind Certificate to Your Website:

Expand “Sites” and select your website
Click “Bindings…” in the Actions panel
Click “Add…”
Set Type to “https” and Port to “443”
Select your SSL certificate from the dropdown
Click “OK”

How to Install SSL on IIS Using PowerShell

For administrators who prefer automation, PowerShell provides a powerful way to install SSL on IIS.

Import the Certificate:

Import-PfxCertificate -FilePath "C:pathtocertificate.pfx" -CertStoreLocation Cert:LocalMachineMy -Password (ConvertTo-SecureString -String "your-password" -AsPlainText -Force)

Retrieve Certificate Thumbprint:

Get-ChildItem -Path Cert:LocalMachineMy | Where-Object {$_.Subject -like "*yourdomain.com*"}

Bind SSL Certificate:

New-WebBinding -Name "Default Web Site" -Protocol https -Port 443
$cert = Get-ChildItem -Path Cert:LocalMachineMy | Where-Object {$_.Subject -like "*yourdomain.com*"}
New-Item -Path IIS:SslBindings.0.0.0!443 -Value $cert

How to Install SSL on IIS Using Command Line

Advanced users can install SSL on IIS using the netsh command-line tool for certificate binding.

Bind Certificate with Netsh:

netsh http add sslcert ipport=0.0.0.0:443 certhash=CERTIFICATE_THUMBPRINT appid={4dc3e181-e14b-4a21-b022-59fc669b0914}

Security Enhancements After Installation

After you install SSL on IIS, strengthen security by disabling weak protocols through registry modifications.

Disable Outdated Protocols:

reg add "HKLMSYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Server" /v Enabled /t REG_DWORD /d 0 /f
reg add "HKLMSYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Server" /v Enabled /t REG_DWORD /d 0 /f
reg add "HKLMSYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server" /v Enabled /t REG_DWORD /d 0 /f

Enable Strong Protocols:

reg add "HKLMSYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server" /v Enabled /t REG_DWORD /d 1 /f
reg add "HKLMSYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.3Server" /v Enabled /t REG_DWORD /d 1 /f

Force HTTPS Redirect Configuration

Configure automatic HTTP to HTTPS redirection by adding this rewrite rule to your web.config file:

<system.webServer>
  <rewrite>
    <rules>
      <rule name="Redirect to HTTPS" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
          <add input="{HTTPS}" pattern="off" ignoreCase="true" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
      </rule>
    </rules>
  </rewrite>
</system.webServer>

Testing Your IIS SSL Installation

Verify your configuration by accessing our online SSL Certificate Checker Tool, or openhttps://yourdomain.com in a browser, checking the certificate details by clicking the lock icon, using PowerShell command Test-NetConnection yourdomain.com -Port 443.

Following this comprehensive guide on how to install SSL on IIS ensures your Windows Server supports secure HTTPS connections with proper encryption and modern security standards.