how to install ssl certificate in windows server

Securing your website with an SSL certificate is no longer optional. Whether you’re hosting a client-facing platform or an internal dashboard, HTTPS encryption is now a basic requirement. It protects data integrity, ensures user trust, and is a confirmed ranking factor in Google’s search algorithm. For Windows Server users running IIS, the process of installing an SSL certificate might seem intimidating at first—but once broken down, it’s completely manageable.

In this article, we’ll walk through every step required to install an SSL certificate on Windows Server (2016, 2019, or 2022). You’ll learn how to prepare the certificate, import it into your system, and bind it to your site via IIS. Let’s get started.

Step 1 – Convert your certificate to PFX format

Windows Server uses .pfx files, which combine your SSL certificate, its private key, and the certificate authority (CA) chain. If your provider sent you .crt and .key files separately, you’ll need to bundle them.

The easiest way to do this is with OpenSSL. After installing it on your server, open PowerShell or Command Prompt and navigate to the folder containing your certificate files. Then run:

openssl pkcs12 -export -out yourdomain.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt

You’ll be prompted to create a password. This password will be required later when importing the certificate, so make sure it’s secure and saved somewhere safe.

Step 2 – Import the SSL certificate into Windows Server

To make the server recognize the certificate, you need to import it using the Microsoft Management Console (MMC). Press Win + R, type mmc, and hit Enter. From the top menu, click on File > Add/Remove Snap-in. Choose “Certificates” and add it for the “Computer account”.

Inside the MMC interface, expand the “Personal” folder under “Certificates (Local Computer)”. Right-click on “Certificates” and choose All Tasks > Import. Follow the Certificate Import Wizard, selecting your .pfx file and entering the password you created earlier.

Make sure you leave the certificate in the “Personal” store and enable the “Mark this key as exportable” option in case you need to move it later.

Step 3 – Assign the certificate to your website in IIS

Now that the certificate is installed on your server, it’s time to bind it to your website. Open IIS Manager and select your website from the “Sites” section in the left panel. On the right side, click on Bindings, then either add a new HTTPS binding or edit an existing one.

In the binding window, set the type to “https”, the port to 443, and choose the correct SSL certificate from the dropdown list. Save the changes and close the dialog.

Step 4 – Restart IIS and verify your SSL certificate

To finalize the installation, restart IIS using the following command in PowerShell:

iisreset

Once restarted, open a browser and navigate to your domain using https://. If everything went correctly, you should see the padlock icon next to your URL, confirming that SSL is active.

To double-check the configuration, you can use online tools like SSL Labs’ test or run:

certutil -store My

This will display all certificates in your personal store, including expiration dates and thumbprints.