Installation – Microsoft IIS 4.0

This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, VeriSign recommends that you contact Microsoft.

Install SSL Certificate

VeriSign will email you the certificate. If the certificate is an attachment (Cert.cer), you can use the file. If the certificate is in the body of the email, copy and paste it into a text file (such as OriginalCert.txt) using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters.

Confirm that there are no extra lines or spaces in the file.

Note to ISP Center Customers: If you have purchased a Secure Site Certificate from the ISP Center, go directly to Step 4.

1. Download the SGCinst.exe utility file at:

2. Copy the SGCinst.exe file into the same web server directory that includes your certificate text file.

3. Open an MS DOS prompt window, change directory (cd) to the directory that includes both files and type in this command:

sgcinst -i -o output_file_name.cer input_file_name.txt (*file name of the certificate you received from VeriSign – i.e. OriginalCert.txt)

NOTE: This tool does two things:

Installs the required Intermediate CA certificates that correspond to your SSL certificate. This must be installed on every server.

Parses out the end-entity server certificate that Key Manager requires for installation.

4. Open the Microsoft Management Console (MMC) for IIS. This is normally reached by selecting Start -> Programs -> Windows NT 4.0 Option Pack -> Microsoft Internet Information Server -> Internet Service Manager.

5. Expand the Internet Information Server folder by selecting the + sign and then select the + sign next to the computer name.

6. Locate the website that is going to be using the SSL Certificate. This is usually the Default Web Site.

Right click the appropriate website and choose Properties.

In the Properties window, click the Directory Security tab. Click Edit next to Secure Communications, and then click Key Manager.

7. Install the new Server ID by clicking the key in the www directory (usually a broken key icon with a line through it), and select Install Key Certificate.

NOTE: Please be sure you select the output file you created (output_file_name.cer) when running the sgcinst.exe utility.

8. Enter the Password.

9. When you are prompted for bindings, add the IP and Port Number. Any assigned is acceptable if you do not have any other certificates installed on the web server. Multiple certificates installed on the same web server require a separate IP Address for each because SSL does not support host headers.

10. Select Commit Changes from the Computers menu, or close Key Manager and click Yes when you are prompted to commit changes.

The new Server ID is now successfully installed. You may need to reboot the web server if necessary.