IIS certificate installation

Sitecore is all about the SSL, and so we need to be as well.

I would like to preface this blog post by saying that I am by no stretch of the imagination an expert on SSL or certificates, which probably is not how you generally want to start a tech blog post: stating that you suck at the subject...


I'm going to give it a go anyway. If nothing else this is what did the trick for me. My scenario was the following: I was handed a .cert-file, and asked to install this on a windows 2016 server. Piece of cake I thought, and ran through the below steps.

  • Fire up MMC (Microsoft Management Console, you can simply write mmc in windows start)
  • choose File --> Add/Remove Snap-in.
  • Here you double click Certificates (alternatively select it then click add) in the left pane.
  • A dialog will pop-up where you need to choose which account to manage certificates for. Choose Computer Account.
  • Next you will be asked which computer you want to manage certificates for. Choose Local Computer.
  • Now the dialog should disappear and you should see Certificates in the right pane of the Add/Remove Snap-in window. Click OK.
  • In the left pane of MMC, navigate to Certificates --> Personal --> Certificates.
  • In the middle pane you'll see a list of all your personal certifcates. Right-click anywhere in the middle pane, or on the Personal --> Certificates node in the left pane. Choose All Tasks --> Import.
  • Check Local Machine (If it's not initally checked) and in the next windows select the certificate file. Finish the wizard.
  • Done (or so I thought...)

I opened up my IIS manager, selected my website and opened up Bindings. I chose my https binding, opened it and was all ready to select my new certificate. Only it wasn't there...

MMC Cert icon key

If you look at the certificate in MMC, it probably won't have a little key attached to the icon (see above image. Yours probably won't say localhost, it's just an example). Through the advice of some competent collegues, I was suggested to go through below steps.

  • Double click your new certificate in MMC, and under the details tab you can find a Thumbprint attribute, a long series of 2-letter combinations separated by spaces.
  • Copy the tumbprint to your text editor and remove all spaces. Copy the new no-spaces thumbprint.
  • Open CMD as admin, and run this command (where the X:s is your thumbprint) : certutil -repairstore my "XXXXXXXXXXXXXX"

You should now see the little key icon on your certificate, and if you open up your IIS binding and open the certificates dropdown, you should now see your new certificate!

16 Nov 2018, by Bonny Nilsson | 

SSL, HTTPS, Sitecore 9, IIS, Certificate