Knowledgebase: SSL123 Certificate
How to install a Thawte SSL123 certificate in Microsoft IIS 7.0
Posted by Gareth S on 23 November 2012 05:09 AM

Thawte now offers the Symantec SSL Assistant to make it easy to generate a CSR and install a certificate for Microsoft IIS 7.0 servers running .NET 2.0 or higher. As an independent subsidiary of Symantec, Thawte offers Symantec SSL Assistant as a benefit of our corporate relationship.

To install a Thawte SSL123 Certificate on Microsoft IIS 7.0, follow the instructions below:
Thawte Reseller customers
Download your certificate in PKCS#7 format, refer to solution SO17717

Step 1 : Download your Thawte certificate

  1. You will receive an email when your certificate is issued.
  2. Download your certificate as per the instruction on the following solution: SO13187
  3. Select the 'PKCS#7' format option and click Pick Up certificate
  4. Copy and Paste your Thawte certificate to Notepad and save as a certificate.p7b

Step 2: Locate and Disable the Thawte Primary Root CA

  1. Create a Certificate Snap-In in Microsoft Management Console (MMC). Please see the following solution for infomation on this: SO1849
  2. With the MMC and the Certificates snap-in open, expand the Trusted Root Certification Authorities folder on the left and select the Certificates sub-folder.
  3. Locate the following certificate:
    Common Name - Thawte Primary Root CA
    Expiry Date - 17th July 2036
    Thumbprint - 91 c6 d6 ee 3e 8a c8 63 84 e5 48 c2 99 29 5c 75 6c 81 7b 81

  4. If this certificate is present, it must be disabled.
  5. Right click the certificate
  6. Select Properties
  7. In the Certificate purposes section, select Disable all purposes for this certificate

  8. Click the OK button
  9. Close the MMC - there is no need to save console settings

Step 3 : Install SSL certificate

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. From the left menu, click the corresponding server name
  3. In the Features pane (middle pane), under Security, double-click Server Certificates

  4. From the Actions pane (right pane), select Complete Certificate Request

  5. Provide the location of the certificate file and the friendly name
    Note: Friendly name is a reference name for quick identification of the certificate for the Administrator
  6. If you get this error "CertEnroll::CX509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b" or similar, complete the following steps: SO11614

Step 4 : Add an HTTPS binding to a Web site
For IIS7, you need to bind the HTTPS protocol to a Web site then assigning the install certificate

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your server name > Sites > Your SSL-based site
  3. In the Actions pane, click Bindings.

  4. In the Site Bindings window, If there is no existing https binding, choose Add
    Note: if there is already a https binding, select it and click Edit

  5. From the Add Site Bindings window, provide the binding type

  6. Select the SSL certificate that will be used for this site
  7. Click OK

Step 5: Verify certificate installation

  1. Stop and start your Web server prior to any testing
    Note: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.
  2. To verify the SSL certificate instalaltion, use the Thawte Certificate Installation checker utility located here: SO9555


Thawte has made efforts to ensure the accuracy and completeness of the information in this document. However, Thawte makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Thawte assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, Thawte assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Thawte reserves the right to make changes to any information herein without further notice.

(0 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
Full Name:
Leave Your Feedback:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.

© 2012 All rights reserved • Privacy PolicyTerms of Service